In Async prior to 2.6.4 and 3.x prior to 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
async project async |
||
fedoraproject fedora 36 |
||
fedoraproject fedora 37 |