CVE-2021-23426

MEDIUM

Proto - Prototype Pollution via Merge Function

Title source: llm
STIX 2.1

Description

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

References (2)

Core 2
Core References
Exploit, Mitigation, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-PROTO-1316301
Product, Third Party Advisory x_refsource_misc
https://www.npmjs.com/package/Proto

Scores

CVSS v3 5.6
EPSS 0.0086
EPSS Percentile 54.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

Status published
Products (2)
npm/Proto 0npm
proto_project/proto
Published Sep 01, 2021
Tracked Since Feb 18, 2026