View all vulnerabilities

CVE-2021-43138

Prototype Pollution in async

A vulnerability exists in Async through 3.2.1 for 3.x and through 2.6.3 for 2.x (fixed in 3.2.2 and 2.6.4), which could let a malicious user obtain privileges via the `mapValues()` method.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Vulnerability Details
Score
7.7
Score Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Versions
async >= 3.0.0 < 3.2.2; async >= 2.0.0 < 2.6.4
Severity
High
Ecosystem
JavaScript
Publish Date
April 6, 2022
Modified Date
June 24, 2024