CVE-2021-41097

CVSS v3 Score: 7.5 (High)
CVSS v2 Score: 5.0 (Medium)

Vulnerability Description

aurelia-path is part of the Aurelia platform and contains utilities for path manipulation. There is a prototype pollution vulnerability in aurelia-path before version 1.1.7. The vulnerability exposes Aurelia applications that use the `aurelia-path` package to parse a string. The majority of these will be Aurelia applications that employ the `aurelia-router` package. For example, this could allow an attacker to change the prototype of the base object class `Object` by tricking an application into parsing the following URL: `https://aurelia.io/blog/?__proto__[asdf]=asdf`. The problem is patched in version `1.1.7`.
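The following added example is not aurelia-path's code and is not taken from the advisory. It is a simplified bracket-notation query parser that reproduces this class of bug on the query string from the URL above, alongside a guarded variant. The names `parseQuery`, `BLOCKED` and `demo`, and the extra `page=2` parameter, are assumptions made for illustration.

```javascript
// Simplified bracket-notation query parser (hypothetical, not aurelia-path's code).
// guard=false: keys are walked into plain objects with no checks (the bug class).
// guard=true: null-prototype containers plus a denylist of dangerous key names.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

function parseQuery(query, guard) {
  const result = guard ? Object.create(null) : {};
  for (const pair of query.replace(/^\?/, '').split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = decodeURIComponent(eq === -1 ? pair : pair.slice(0, eq));
    const value = eq === -1 ? '' : decodeURIComponent(pair.slice(eq + 1));
    // "a[b][c]" -> ["a", "b", "c"]
    const path = rawKey.split(/\[|\]/).filter(Boolean);
    if (path.length === 0) continue;
    // Guarded: drop the whole pair if any segment is a blocked key.
    if (guard && path.some((k) => BLOCKED.has(k))) continue;
    let node = result;
    for (let i = 0; i < path.length - 1; i++) {
      const k = path[i];
      // Unguarded: node["__proto__"] resolves to Object.prototype here,
      // so the final assignment below lands on the shared prototype.
      if (typeof node[k] !== 'object' || node[k] === null) {
        node[k] = guard ? Object.create(null) : {};
      }
      node = node[k];
    }
    node[path[path.length - 1]] = value;
  }
  return result;
}

// Runs both variants on the advisory's query string (plus a constructed
// "page=2" parameter) and reports whether an unrelated, freshly created
// object inherited the "asdf" property.
function demo() {
  const query = '?__proto__[asdf]=asdf&page=2';
  parseQuery(query, false);
  const pollutedUnguarded = ({}).asdf === 'asdf';
  delete Object.prototype.asdf; // restore global state after the demonstration
  const safe = parseQuery(query, true);
  const pollutedGuarded = ({}).asdf !== undefined;
  return { pollutedUnguarded, pollutedGuarded, page: safe.page };
}
```

The same `({}).asdf` probe on a fresh object works as a regression check in a test suite for any code path that parses untrusted query strings.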

CVSS:7.5(High)

assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using eit...

CVSS:7.5(High)

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

CVSS:7.5(High)

In RPyC 4.1.x through 4.1.1, a remote attacker can dynamically modify object attributes to construct a remote procedure call that executes code for an RPyC service with default configuration settings.

CVSS:7.5(High)

Prototype pollution in Stampit supermixer 1.0.3 allows an attacker to modify the prototype of a base object which can vary in severity depending on the implementation.

CVSS:7.5(High)

Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows an attacker to cause a denial of service and may lead to remote code execution.

CVSS:7.5(High)

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing e...