Vulnerabilities > CVE-2021-23574 - Unspecified vulnerability in Js-Data
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn and the set functions. This is an incomplete fix of [CVE-2020-28442](https://snyk.io/vuln/SNYK-JS-JSDATA-1023655).
Vulnerable Configurations
References
- https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
- https://github.com/js-data/js-data/blob/master/dist/js-data.js%23L472
- https://github.com/js-data/js-data/issues/576
- https://github.com/js-data/js-data/issues/576
- https://github.com/js-data/js-data/issues/577
- https://github.com/js-data/js-data/issues/577
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2320790
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2320791
- https://snyk.io/vuln/SNYK-JS-JSDATA-1584361
- https://snyk.io/vuln/SNYK-JS-JSDATA-1584361