{"vulnerability": "CVE-2021-2341", "sightings": [{"uuid": "088b44da-3269-4cdf-bfcb-ef97cc7a9b84", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23413", "type": "seen", "source": "https://t.me/cibsecurity/26454", "content": "\u203c CVE-2021-23413 \u203c\n\nThis affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-25T16:39:57.000000Z"}, {"uuid": "366d2ff5-742a-4517-8d80-a01bb6a1c295", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23418", "type": "seen", "source": "https://t.me/cibsecurity/26579", "content": "\u203c CVE-2021-23418 \u203c\n\nThe package glances before 3.2.1 are vulnerable to XML External Entity (XXE) Injection via the use of Fault to parse untrusted XML data, which is known to be vulnerable to XML attacks.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-29T22:14:31.000000Z"}, {"uuid": "50741fb6-b5bc-4fdc-8416-704b1d9aa66d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23417", "type": "seen", "source": "https://t.me/cibsecurity/26559", "content": "\u203c CVE-2021-23417 \u203c\n\nAll versions of package deepmergefn are vulnerable to Prototype Pollution via deepMerge function.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T20:13:33.000000Z"}, {"uuid": "ade007b8-8962-4711-847b-5d71654e1885", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23416", "type": "seen", "source": "https://t.me/cibsecurity/26558", "content": "\u203c CVE-2021-23416 \u203c\n\nThis affects all versions of package curly-bracket-parser. When used as a template library, it does not properly sanitize the user input.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T20:13:32.000000Z"}, {"uuid": "df013bc3-1bc4-416a-9485-0c2dd3054a79", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23414", "type": "seen", "source": "https://www.cisa.gov/news-events/ics-advisories/icsa-25-343-02", "content": "", "creation_timestamp": "2025-12-09T11:00:00.000000Z"}, {"uuid": "7f9e1cc1-120d-4fb4-923e-8ba3087abce0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23415", "type": "seen", "source": "https://t.me/cibsecurity/26557", "content": "\u203c CVE-2021-23415 \u203c\n\nThis affects the package elFinder.AspNet before 1.1.1. The user-controlled file name is not properly sanitized before it is used to create a file system path.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T20:13:31.000000Z"}, {"uuid": "2a5371dd-0ca8-4ab4-9852-865e707b4b78", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23414", "type": "seen", "source": "https://t.me/cibsecurity/26551", "content": "\u203c CVE-2021-23414 \u203c\n\nThis affects the package video.js before 7.14.3. The src attribute of track tag allows to bypass HTML escaping and execute arbitrary code.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-28T12:13:10.000000Z"}, {"uuid": "dcf3fb90-24f1-482b-b412-4120d2d651b1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2021-23412", "type": "seen", "source": "https://t.me/cibsecurity/26442", "content": "\u203c CVE-2021-23412 \u203c\n\nAll versions of package gitlogplus are vulnerable to Command Injection via the main functionality, as options attributes are appended to the command to be executed without sanitization.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-07-23T20:37:47.000000Z"}]}