[NPM:GHSA-FWR7-V2MV-HH25] Prototype Pollution in async
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues() method.
| Package | Affected Version |
|---|---|
 pkg:npm/async
|
>= 2.0.0, < 2.6.4 |
|
pkg:npm/async
|
>= 3.0.0, < 3.2.2 |
| Package | Fixed Version |
|---|---|
|
pkg:npm/async
|
= 2.6.4 |
|
pkg:npm/async
|
= 3.2.2 |
- ID
- NPM:GHSA-FWR7-V2MV-HH25
- Severity
- high
- URL
- https://github.com/advisories/GHSA-fwr7-v2mv-hh25
- Published
-
2022-04-07T00:00:17
(2 years ago) - Modified
-
2023-11-28T23:54:18
(9 months ago) - Rights
- NPM Security Team
- Other Advisories
-
-
FEDORA-2023-18fd476362
-
FEDORA-2023-2e38c3756f
-
FEDORA-2023-86d75130fe
-
FEDORA-2023-a4f0b29f6c
-
FEDORA-2023-ce8943223c
-
SUSE-SU-2022:3313-1
-
SUSE-SU-2022:3314-1
-
SUSE-SU-2022:3761-1
-
SUSE-SU-2023:2575-1
-
SUSE-SU-2023:2578-1
-
SUSE-SU-2023:2579-1
-
SUSE-SU-2024:0191-1
-
SUSE-SU-2024:0196-1
-
SUSE-SU-2024:0486-1
-
SUSE-SU-2024:0487-1
-
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |