Substack Minimist vulnerabilities
2 known vulnerabilities affecting substack/minimist.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2021-44906CRITICALCVSS 9.8fixed in 1.2.62022-03-17
CVE-2021-44906 [CRITICAL] CWE-1321 CVE-2021-44906: Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
ghsanvdosv
CVE-2020-7598MEDIUMCVSS 5.6fixed in 1.2.2vAll versions prior to version 1.2.22020-03-11
CVE-2020-7598 [MEDIUM] CWE-1321 CVE-2020-7598: minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
ghsanvdosv