Vulnerabilities > CVE-2021-26505 - Unspecified vulnerability in Hello.Js Project Hello.Js 1.18.6

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

hello-js-project

critical

NVD

Published: 2023-08-11

Updated: 2023-08-16

Summary

Prototype pollution vulnerability in MrSwitch hello.js version 1.18.6, allows remote attackers to execute arbitrary code via hello.utils.extend function.

Vulnerable Configurations

Part	Description	Count
Application	Hello.Js_Project Hello.Js Project Hello.Js 1.18.6	1

References

https://github.com/MrSwitch/hello.js/issues/634