Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for mixme by adaltas

    CVE-2021-28860 (GCVE-0-2021-28860)

    Vulnerability from nvd – Published: 2021-05-03 11:48 – Updated: 2026-07-09 00:12
    VLAI
    Summary
    In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-09T00:12:54.018Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.npmjs.com/~david"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/adaltas/node-mixme/issues/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210618-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via \u0027__proto__\u0027 through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T23:45:10.593Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.npmjs.com/~david"
            },
            {
              "url": "https://github.com/adaltas/node-mixme/issues/1"
            },
            {
              "url": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028"
            },
            {
              "url": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210618-0005/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via \u0027__proto__\u0027 through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://nodejs.com",
                  "refsource": "MISC",
                  "url": "http://nodejs.com"
                },
                {
                  "name": "https://www.npmjs.com/~david",
                  "refsource": "MISC",
                  "url": "https://www.npmjs.com/~david"
                },
                {
                  "name": "https://github.com/adaltas/node-mixme/issues/1",
                  "refsource": "MISC",
                  "url": "https://github.com/adaltas/node-mixme/issues/1"
                },
                {
                  "name": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028",
                  "refsource": "MISC",
                  "url": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028"
                },
                {
                  "name": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4",
                  "refsource": "MISC",
                  "url": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210618-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210618-0005/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28860",
        "datePublished": "2021-05-03T11:48:33.000Z",
        "dateReserved": "2021-03-19T00:00:00.000Z",
        "dateUpdated": "2026-07-09T00:12:54.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2021-28860 (GCVE-0-2021-28860)

    Vulnerability from cvelistv5 – Published: 2021-05-03 11:48 – Updated: 2026-07-09 00:12
    VLAI
    Summary
    In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2026-07-09T00:12:54.018Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://www.npmjs.com/~david"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/adaltas/node-mixme/issues/1"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://security.netapp.com/advisory/ntap-20210618-0005/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via \u0027__proto__\u0027 through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS)."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-07-04T23:45:10.593Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "url": "https://www.npmjs.com/~david"
            },
            {
              "url": "https://github.com/adaltas/node-mixme/issues/1"
            },
            {
              "url": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028"
            },
            {
              "url": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4"
            },
            {
              "url": "https://security.netapp.com/advisory/ntap-20210618-0005/"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2021-28860",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via \u0027__proto__\u0027 through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS)."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "http://nodejs.com",
                  "refsource": "MISC",
                  "url": "http://nodejs.com"
                },
                {
                  "name": "https://www.npmjs.com/~david",
                  "refsource": "MISC",
                  "url": "https://www.npmjs.com/~david"
                },
                {
                  "name": "https://github.com/adaltas/node-mixme/issues/1",
                  "refsource": "MISC",
                  "url": "https://github.com/adaltas/node-mixme/issues/1"
                },
                {
                  "name": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028",
                  "refsource": "MISC",
                  "url": "https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028"
                },
                {
                  "name": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4",
                  "refsource": "MISC",
                  "url": "https://github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4"
                },
                {
                  "name": "https://security.netapp.com/advisory/ntap-20210618-0005/",
                  "refsource": "CONFIRM",
                  "url": "https://security.netapp.com/advisory/ntap-20210618-0005/"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2021-28860",
        "datePublished": "2021-05-03T11:48:33.000Z",
        "dateReserved": "2021-03-19T00:00:00.000Z",
        "dateUpdated": "2026-07-09T00:12:54.018Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }