mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-27 14:32:30 +02:00
marc
892 B
892 B
CVE-2021-42581
Description
** DISPUTED ** Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "proto") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes.
POC
Reference
Github
No PoCs found on GitHub currently.