Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2021-43138

Published: 06/04/2022 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 606
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

In Async prior to 2.6.4 and 3.x prior to 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

async project async

fedoraproject fedora 36

fedoraproject fedora 37

Vendor Advisories

Red Hat: Moderate: Migration Toolkit for Containers (MTC) 1.7.7 security and bug fix update
Synopsis Moderate: Migration Toolkit for Containers (MTC) 177 security and bug fix update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 177 is now availableRed Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base ...
Red Hat: Moderate: Red Hat OpenShift Service Mesh 2.2.7 security update
Synopsis Moderate: Red Hat OpenShift Service Mesh 227 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Service Mesh 227Red Hat Product Security has rated this update as having a security impact of Moderate A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is ...

References

CWE-1321https://github.com/caolan/async/blob/master/lib/mapValuesLimit.jshttps://jsfiddle.net/oz5twjd9/https://github.com/caolan/async/blob/master/lib/internal/iterator.jshttps://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66dhttps://github.com/caolan/async/pull/1828https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264https://github.com/caolan/async/compare/v2.6.3...v2.6.4https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/https://access.redhat.com/errata/RHSA-2023:0693https://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
camerabypassCVE-2024-3592CVE-2024-37383CVE-2024-24919CVE-2024-27822CVE-2024-36788CVE-2024-36789man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook