CVE-2021-4245

low-risk
Published 2022-12-15

A vulnerability classified as problematic has been found in chbrown rfc6902. This affects an unknown part of the file pointer.ts. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). The exploit has been disclosed to the public and may be used. The name of the patch is c006ce9faa43d31edb34924f1df7b79c137096cf. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-215883.

Do I need to act?

-
0.65% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
5
CVSS 5.5/10 Medium
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Rfc6902

Affected Vendors

Rfc6902 Project

References (6)

Patch https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096...
Exploit https://github.com/chbrown/rfc6902/pull/76
Permissions Required https://vuldb.com/?id.215883
Patch https://github.com/chbrown/rfc6902/commit/c006ce9faa43d31edb34924f1df7b79c137096...
Exploit https://github.com/chbrown/rfc6902/pull/76
Permissions Required https://vuldb.com/?id.215883
25
/ 100
low-risk
Severity 18/34 · Moderate
Exploitability 2/34 · Minimal
Exposure 5/34 · Minimal