CVE-2021-43956

CWE-1321Prototype Pollution3 documents3 sources
Severity
6.1MEDIUM
EPSS
0.4%
top 41.23%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Atlassian CrucibleAtlassian Fisheye
Timeline
PublishedMar 16
Latest updateMar 17

Description

The jQuery deserialize library in Fisheye and Crucible before version 4.8.9 allowed remote attackers to to inject arbitrary HTML and/or JavaScript via a prototype pollution vulnerability.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages4 packages

CVEListV5atlassian/fisheyeunspecified4.8.9
NVDatlassian/fisheye< 4.8.9
CVEListV5atlassian/crucibleunspecified4.8.9
NVDatlassian/crucible< 4.8.9

🔴Vulnerability Details

2
GHSA
GHSA-9p4g-cjcf-q3x2: The jQuery deserialize library in Fisheye and Crucible before version 42022-03-17
CVEList
CVE-2021-43956: The jQuery deserialize library in Fisheye and Crucible before version 42022-03-16
CVE-2021-43956 (MEDIUM CVSS 6.1) | The jQuery deserialize library in F | cvebase.io