Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-32736 Vulnerability in npm package think-helper

Description

think-helper defines a set of helper functions for ThinkJS. In versions of think-helper prior to 1.1.3, the software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype. The vulnerability is patched in version 1.1.3.

Remediation

References

https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcp

Related Vulnerabilities

CVE-2015-6524 Vulnerability in maven package org.apache.activemq:activemq-all

CVE-2016-10677 Vulnerability in npm package google-closure-tools-latest

CVE-2016-10648 Vulnerability in npm package marionette-socket-host

CVE-2019-10350 Vulnerability in maven package org.jenkins-ci.plugins:port-allocator

CVE-2022-31147 Vulnerability in maven package org.webjars.bowergithub.jquery-validation:jquery-validation

Severity

High

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Third Party Advisory