CVE-2021-23413

CVE-2021-23413

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.

Published Jul 26, 2021

Issue #762 PR #766

CVSS ScoreMedium

5.3

Vulnerabilities

CVE-2021-23413

Published Jul 26, 2021

Issue #762 PR #766

CVSS ScoreMedium

5.3

CVE-2021-23413 Security Details

CVE ID: CVE-2021-23413
CWE: NVD-CWE-noinfo
CVE Description: This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
Published: Jul 26, 2021
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score: 1.214%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: GitHub · Issue #762PROJECT
GitHub · PR #766PROJECT

CVE-2021-23413 Security Details

CVE ID: CVE-2021-23413
CWE: NVD-CWE-noinfo
CVE Description: This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.
Published: Jul 26, 2021
CVSS Score & Severity: 5.3Medium
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS Score: 1.214%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Affected Ecosystems: affected
Source: National Vulnerability Database
References: GitHub · Issue #762PROJECT
GitHub · PR #766PROJECT

Find vulnerabilities. Fix fast with AI.

CVE-2021-23413

CVE-2021-23413 Security Details

CVE-2021-23413 Security Details