CVE-2021-25915

moderate-risk
Published 2021-03-09

Prototype pollution vulnerability in 'changeset' versions 0.0.1 through 0.2.5 allows an attacker to cause a denial of service and may lead to remote code execution.

Do I need to act?

~
2.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
+
Fix available
Upgrade to: add97c66e34b27ad51a7ba02f959f49817671f88, 9e588844edbb9993b32e7366cc799262b4447f99
9
CVSS 9.8/10 Critical
NETWORK / LOW complexity

Affected Products (1)

Changeset

Affected Vendors

Changeset Project

References (4)

Patch https://github.com/eugeneware/changeset/commit/9e588844edbb9993b32e7366cc799262b...
Exploit https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25915
Patch https://github.com/eugeneware/changeset/commit/9e588844edbb9993b32e7366cc799262b...
Exploit https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25915
43
/ 100
moderate-risk
Severity 32/34 · Critical
Exploitability 6/34 · Minimal
Exposure 5/34 · Minimal