CVE-2021-20089

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in purl 2.3.2 allows a malicious user to inject properties into Object.prototype.
References
Configurations

Configuration 1 (hide)

cpe:2.3:a:purl_project:purl:2.3.2:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE NVD-CWE-Other CWE-1321

04 May 2021, 13:29

Type Values Removed Values Added
CVSS v2 : 7.5
v3 : 9.8
v2 : 6.5
v3 : 8.8

01 May 2021, 04:11

Type Values Removed Values Added
References (MISC) https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/purl.md - (MISC) https://github.com/BlackFan/client-side-prototype-pollution/blob/master/pp/purl.md - Exploit, Third Party Advisory
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown
v2 : 7.5
v3 : 9.8
CPE cpe:2.3:a:purl_project:purl:2.3.2:*:*:*:*:*:*:*

23 Apr 2021, 19:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-04-23 19:15

Updated : 2023-12-10 13:55


NVD link : CVE-2021-20089

Mitre link : CVE-2021-20089

CVE.ORG link : CVE-2021-20089


JSON object : View

Products Affected

purl_project

  • purl
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')