CVE-2021-28860
Published: 03 May 2021
Summary
CVE-2021-28860 is a critical-severity Prototype Pollution (CWE-1321) vulnerability in Adaltas Mixme. Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the top 21.0% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-1163
Vulnerability details
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk, causing a potential denial of service (DoS).
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.