[NPM:GHSA-FWR7-V2MV-HH25] Prototype Pollution in async
Severity
High
Affected Packages
2
Fixed Packages
2
CVEs
1
A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the mapValues()
method.
Package | Affected Version |
---|---|
pkg:npm/async | >= 2.0.0, < 2.6.4 |
pkg:npm/async | >= 3.0.0, < 3.2.2 |
Package | Fixed Version |
---|---|
pkg:npm/async | = 2.6.4 |
pkg:npm/async | = 3.2.2 |
- ID
- NPM:GHSA-FWR7-V2MV-HH25
- Severity
- high
- URL
- https://github.com/advisories/GHSA-fwr7-v2mv-hh25
- Published
-
2022-04-07T00:00:17
(2 years ago) - Modified
-
2023-11-28T23:54:18
(9 months ago) - Rights
- NPM Security Team
- Other Advisories
-
- FEDORA-2023-18fd476362
- FEDORA-2023-2e38c3756f
- FEDORA-2023-86d75130fe
- FEDORA-2023-a4f0b29f6c
- FEDORA-2023-ce8943223c
- SUSE-SU-2022:3313-1
- SUSE-SU-2022:3314-1
- SUSE-SU-2022:3761-1
- SUSE-SU-2023:2575-1
- SUSE-SU-2023:2578-1
- SUSE-SU-2023:2579-1
- SUSE-SU-2024:0191-1
- SUSE-SU-2024:0196-1
- SUSE-SU-2024:0486-1
- SUSE-SU-2024:0487-1
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |