Bug 2006397 (CVE-2021-3805) - CVE-2021-3805 nodejs-object-path: prototype pollution vulnerability
Summary: CVE-2021-3805 nodejs-object-path: prototype pollution vulnerability
Status: NEW
Alias: CVE-2021-3805
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Nobody
QA Contact:
Depends On: 1999365 2010623 2010624 2010625 2010626 2010627 2010628 2010629 2020099 2020100
Blocks: 2006398
TreeView+ depends on / blocked
Reported: 2021-09-21 16:21 UTC by Guilherme de Almeida Suckevicz
Modified: 2023-10-25 17:21 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the object-path nodejs library when the del() function is called to validate object properties. An attacker can manipulate or alter the prototype of an object causing the modification of default properties on all objects. This could lead into a service disruption or a denial of service attack (DoS).
Clone Of:
Last Closed:

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-09-21 16:21:59 UTC
object-path is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')


Note You need to log in before you can comment on or make changes to this bug.