CVE-2021-43138 @ Npm-async-1.5.2

**Vulnerable Package** issue exists @ **Npm\-async\-1\.5\.2** in branch **main**

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

**Namespace:** Svetlana-github
**Repository:** test
**Repository Url:** https://github.com/Svetlana-github/test
**CxAST\-Project:** Svetlana-github/test
**CxAST platform scan:** [8821ba41\-d324\-41fa\-8053\-d13dfc156a43](https://eu.ast.checkmarx.net/projects/5da41c16-f93a-48f1-9010-ef163f3c93ae/scans?id=8821ba41-d324-41fa-8053-d13dfc156a43&branch=main)
**Branch:** main
**Application:** test
**Severity:** HIGH
**State:** NOT_IGNORED
**Status:** RECURRENT
**CWE:** CWE-1321


----
**Addition Info**
**Attack vector:** LOCAL
**Attack complexity:** LOW
**Confidentiality impact:** HIGH
**Availability impact:** HIGH
**Remediation Upgrade Recommendation:** 2.6.4


----
**References**
[Advisory](https://github.com/advisories/GHSA-fwr7-v2mv-hh25)
[Commit](https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d)
[POC/Exploit](https://jsfiddle.net/oz5twjd9/)


Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

CVE-2021-43138 @ Npm-async-1.5.2 #174

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

CVE-2021-43138 @ Npm-async-1.5.2 #174

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions