How severe is CVE-2021-4278?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2021-4278?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2021-4278

HIGH Year: 2021

CVSS v3 Score

7.8

High

Weakness Type

CWE-1321

View all →

Vulnerability Description

A vulnerability classified as problematic has been found in cronvel tree-kit up to 0.6.x. This affects an unknown part. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). Upgrading to version 0.7.0 is able to address this issue. The name of the patch is a63f559c50d70e8cb2eaae670dec25d1dbc4afcd. It is recommended to upgrade the affected component. The identifier VDB-216765 was assigned to this vulnerability.

CVE-2020-7641

HIGH

CVSS:7.8(High)

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

CWE-13212020

CVE-2021-43138

HIGH

CVSS:7.8(High)

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.

CWE-13212021

CVE-2023-30533

HIGH

CVSS:7.8(High)

SheetJS Community Edition before 0.19.3 allows Prototype Pollution via a crafted file. In other words. 0.19.2 and earlier are affected, whereas 0.19.3 and later are unaffected.

CWE-13212023

CVE-2023-45811

HIGH

CVSS:7.8(High)

Synchrony deobfuscator is a javascript cleaner & deobfuscator. A `__proto__` pollution vulnerability exists in versions before v2.4.4. Successful exploitation could lead to arbitrary code execution. A...

CWE-13212023