CVE-2021-44906
Description
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.882
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 7.1.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.1.7 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 11.2.4 | Windows |
| Multiple Vulnerabilities are affected in IBM Cognos Analytics 12.0.1 | Windows |
| Multiple Vulnerabilities are affected in IBM Planning Analytics Local 2.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 12.0.3.0 | Windows |
| Multiple Vulnerabilities are affected in IBM App Connect Enterprise 11.0.0.17 | Windows |
| Nodejs update (ELSA-2022-9073-1) nodejs-16.18.1-3.module+el8.7.0+20893+df13f383.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2022-9073-1) nodejs-devel-16.18.1-3.module+el8.7.0+20893+df13f383.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2022-9073-1) nodejs-docs-16.18.1-3.module+el8.7.0+20893+df13f383.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2022-9073-1) nodejs-full-i18n-16.18.1-3.module+el8.7.0+20893+df13f383.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2022-9073-1) nodejs-nodemon-2.0.20-2.module+el8.7.0+20893+df13f383.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2022-9073-1) nodejs-packaging-25-1.module+el8.5.0+20388+4b61e68d.noarch.rpm | Linux |
| Npm update (ELSA-2022-9073-1) npm-8.19.2-1.16.18.1.3.module+el8.7.0+20893+df13f383.x86_64.rpm | Linux |
| (RHSA-2022:9073) nodejs:16 security, bug fix, and enhancement update nodejs-nodemon-2.0.20-2.module+el8.7.0+17412+bb0e4a6b.noarch.rpm | Linux |
| Nodejs update (ELSA-2023-0050) nodejs-14.21.1-2.module+el8.7.0+20895+79a25710.x86_64.rpm | Linux |
| Nodejs-devel update (ELSA-2023-0050) nodejs-devel-14.21.1-2.module+el8.7.0+20895+79a25710.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2023-0050) nodejs-docs-14.21.1-2.module+el8.7.0+20895+79a25710.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2023-0050) nodejs-full-i18n-14.21.1-2.module+el8.7.0+20895+79a25710.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2023-0050) nodejs-nodemon-2.0.20-2.module+el8.7.0+20895+79a25710.noarch.rpm | Linux |
| Nodejs-packaging update (ELSA-2023-0050) nodejs-packaging-23-3.module+el8.3.0+7818+6cd30d85.noarch.rpm | Linux |
| Npm update (ELSA-2023-0050) npm-6.14.17-1.14.21.1.2.module+el8.7.0+20895+79a25710.x86_64.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update nodejs-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update nodejs-debugsource-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update nodejs-devel-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update nodejs-docs-14.21.1-2.module+el8.7.0+17528+a329cd47.noarch.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update nodejs-full-i18n-14.21.1-2.module+el8.7.0+17528+a329cd47.x86_64.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update nodejs-nodemon-2.0.20-2.module+el8.7.0+17528+a329cd47.noarch.rpm | Linux |
| (RHSA-2023:0050) nodejs:14 security, bug fix, and enhancement update npm-6.14.17-1.14.21.1.2.module+el8.7.0+17528+a329cd47.x86_64.rpm | Linux |
| Nodejs update (ELSA-2023-0321) nodejs-16.18.1-3.el9_1.x86_64.rpm | Linux |
| Nodejs-docs update (ELSA-2023-0321) nodejs-docs-16.18.1-3.el9_1.noarch.rpm | Linux |
| Nodejs-full-i18n update (ELSA-2023-0321) nodejs-full-i18n-16.18.1-3.el9_1.x86_64.rpm | Linux |
| Nodejs-libs update (ELSA-2023-0321) nodejs-libs-16.18.1-3.el9_1.i686.rpm | Linux |
| Nodejs-libs update (ELSA-2023-0321) nodejs-libs-16.18.1-3.el9_1.x86_64.rpm | Linux |
| Nodejs-nodemon update (ELSA-2023-0321) nodejs-nodemon-2.0.20-2.el9_1.noarch.rpm | Linux |
| Npm update (ELSA-2023-0321) npm-8.19.2-1.16.18.1.3.el9_1.x86_64.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-16.18.1-3.el9_1.x86_64.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-debugsource-16.18.1-3.el9_1.i686.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-debugsource-16.18.1-3.el9_1.x86_64.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-docs-16.18.1-3.el9_1.noarch.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-full-i18n-16.18.1-3.el9_1.x86_64.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-libs-16.18.1-3.el9_1.i686.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-libs-16.18.1-3.el9_1.x86_64.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update nodejs-nodemon-2.0.20-2.el9_1.noarch.rpm | Linux |
| (RHSA-2023:0321) nodejs and nodejs-nodemon security, bug fix, and enhancement update npm-8.19.2-1.16.18.1.3.el9_1.x86_64.rpm | Linux |
| nodejs and nodejs-nodemon security, bug fix, and enhancement update (RLSA-2023:0321) nodejs-libs-16.18.1-3.el9_1.i686.rpm | Linux |
| nodejs and nodejs-nodemon security, bug fix, and enhancement update (RLSA-2023:0321) nodejs-libs-16.18.1-3.el9_1.x86_64.rpm | Linux |
| nodejs and nodejs-nodemon security, bug fix, and enhancement update (RLSA-2023:0321) nodejs-nodemon-2.0.20-2.el9_1.noarch.rpm | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234