Description
think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_confirm
https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcp
Scores
CVSS v3
7.5
EPSS
0.0101
EPSS Percentile
58.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-1321
Status
published
Products (2)
npm/think-helper
0 - 1.1.3npm
thinkjs/think-helper
< 1.1.3
Published
Jun 30, 2021
Tracked Since
Feb 18, 2026