CVE-2021-25952

Improperly Controlled Modification of Dynamically-Determined Object Attributes in npm/just-safe-set

Identifier

CVE-2021-25952

Package Slug

npm/just-safe-set

Vulnerability

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Description

Prototype pollution vulnerability in ‘just-safe-set’ allows an attacker to cause a denial of service and may lead to remote code execution.

Affected Versions

All versions starting from 1.0.0 up to 2.2.1

Solution

Upgrade to version 2.2.2 or above.

Last Modified

2021-07-12

source