CVE-2021-42581
Published: 10 May 2022
Summary
CVE-2021-42581 is a critical-severity Prototype Pollution (CWE-1321) vulnerability in Ramdajs Ramda. Its CVSS base score is 9.1 (Critical).
Operationally, it is ranked at the 38.6th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-29546
Vulnerability details
Prototype poisoning in function mapObjIndexed in Ramda 0.27.0 and earlier allows attackers to compromise integrity or availability of application via supplying a crafted object (that contains an own property "__proto__") as an argument to the function. NOTE: the vendor disputes this because the observed behavior only means that a user can create objects that the user didn't know would contain custom prototypes.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.