First published: Thu Jun 10 2021
Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.
Credit: vulnerabilitylab@mend.io
Affected Software | Affected Version | How to fix |
---|---|---|
Expand-hash Project Expand-hash | >=0.1.0 <=1.0.1 | |
The vulnerability ID for this issue is CVE-2021-25948.
The severity of CVE-2021-25948 is critical with a severity value of 9.8.
The affected software for CVE-2021-25948 is 'expand-hash' versions from 0.1.0 through 1.0.1.
CVE-2021-25948 allows an attacker to cause a denial of service and may lead to remote code execution.
To fix CVE-2021-25948, it is recommended to update to a version of 'expand-hash' beyond 1.0.1.