CVE-2021-44906
Summary
| CVE | CVE-2021-44906 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-03-17 16:15:00 UTC |
| Updated | 2022-04-12 16:52:00 UTC |
| Description | Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). |
Risk And Classification
Problem Types: CWE-1321
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| insufficient fix for prototype pollution in setKey() CVE-2021-44906 · Issue #164 · substack/minimist · GitHub | MISC | github.com | |
| JavaScript-vulnerability-detection/minimist PoC.zip at main · Marynk/JavaScript-vulnerability-detection · GitHub | MISC | github.com | |
| Prototype Pollution in minimist | CVE-2020-7598 | Snyk | MISC | snyk.io | |
| javascript - Adding custom properties to a function - Stack Overflow | MISC | stackoverflow.com | |
| minimist/index.js at master · substack/minimist · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 160361 Oracle Enterprise Linux Security Update for nodejs:16 (ELSA-2022-9073-1)
- 160373 Oracle Enterprise Linux Security Update for nodejs:14 (ELSA-2023-0050)
- 160410 Oracle Enterprise Linux Security Update for nodejs and nodejs-nodemon (ELSA-2023-0321)
- 180816 Debian Security Update for node-minimist (CVE-2021-44906)
- 240414 Red Hat Update for rh-nodejs12-nodejs security (RHSA-2022:4914)
- 240589 Red Hat Update for JBoss Enterprise Application Platform 7.4.6 (RHSA-2022:5893)
- 240590 Red Hat Update for JBoss Enterprise Application Platform 7.4.6 (RHSA-2022:5892)
- 240591 Red Hat Update for red hat jboss enterprise application platform 7.4.6 (RHSA-2022:5894)
- 240747 Red Hat Update for rh-nodejs14-nodejs (RHSA-2022:7044)
- 241026 Red Hat Update for nodejs:16 security (RHSA-2022:9073)
- 241041 Red Hat Update for nodejs:14 security (RHSA-2023:0050)
- 241117 Red Hat Update for nodejs and nodejs-nodemon security (RHSA-2023:0321)
- 241160 Red Hat Update for rh-nodejs14-nodejs and rh-nodejs14-nodejs-nodemon (RHSA-2023:0612)
- 241304 Red Hat Update for nodejs:14 security (RHSA-2023:1533)
- 241341 Red Hat Update for nodejs:14 security (RHSA-2023:1742)
- 378045 Alibaba Cloud Linux Security Update for nodejs:14 (ALINUX3-SA-2023:0026)
- 379452 IBM Cognos Analytics Multiple Vulnerabilities (7123154)
- 752086 SUSE Enterprise Linux Security Update for nodejs14 (SUSE-SU-2022:1462-1)
- 752088 SUSE Enterprise Linux Security Update for nodejs12 (SUSE-SU-2022:1461-1)
- 752142 SUSE Enterprise Linux Security Update for nodejs10 (SUSE-SU-2022:1717-1)
- 905100 Common Base Linux Mariner (CBL-Mariner) Security Update for reaper (12617)
- 940859 AlmaLinux Security Update for nodejs:16 (ALSA-2022:9073)
- 940865 AlmaLinux Security Update for nodejs:14 (ALSA-2023:0050)
- 940906 AlmaLinux Security Update for nodejs and nodejs-nodemon (ALSA-2023:0321)
- 960468 Rocky Linux Security Update for nodejs:16 (RLSA-2022:9073)
- 960517 Rocky Linux Security Update for nodejs and nodejs-nodemon (RLSA-2023:0321)
- 960645 Rocky Linux Security Update for nodejs:14 (RLSA-2023:0050)