CVE-2021-32736 — HIGH (7.5)

Q: How severe is CVE-2021-32736?

CVE-2021-32736 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-32736?

Check the references section above for vendor advisories and patch information. Affected products include: Thinkjs Think-Helper.

Vulnerability Description

think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Thinkjs	Think-Helper	< 1.1.3

Related Weaknesses (CWE)

CWE-1321

References

https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcpThird Party Advisory
https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcpThird Party Advisory

FAQ

What is CVE-2021-32736?

CVE-2021-32736 is a vulnerability with a CVSS score of 7.5 (HIGH). think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be ...

How severe is CVE-2021-32736?

CVE-2021-32736 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-32736?

Check the references section above for vendor advisories and patch information. Affected products include: Thinkjs Think-Helper.