VDB
CVE-2021-23386
CVE-2021-23386
PUBLISHED
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
EPSS 0.45% · 63.9th percentile
Risk Scores
EPSS Score
0.45%
63.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | * |
Timeline
- May 20, 2021 CVE Published
- May 21, 2021 EPSS Score
- Sep 23, 2021 EPSS Score
- Oct 6, 2021 PoC Published
- Jan 6, 2022 EPSS Score
- Jan 24, 2022 EPSS Score
- Mar 26, 2022 EPSS Score
- Apr 7, 2022 PoC Published
- May 27, 2022 EPSS Score
- Jul 12, 2022 CVE Updated
- Sep 28, 2022 EPSS Score
- Nov 28, 2022 EPSS Score
References
- https://www.ibm.com/support/pages/node/6614909 advisory
- https://www.ibm.com/support/pages/node/6614725 advisory
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 url
- https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip url
- https://github.com/substack/minimist/blob/master/index.js#L69 url
- https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068 url
- https://github.com/substack/minimist/issues/164 url
- https://security.netapp.com/advisory/ntap-20240621-0006/ url