CVEFinder.io

CVE-2021-44906

⛔ critical
🔍 Scan for this CVE
Summary

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

CVSS Score
9.8
Critical
EPSS Score
0.9
Exploit Probability
Published Date
2022-03-17
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Very High Risk - more severe than 90.4% of all 317,883 vulnerabilities in our database.

#30,373
Top 10% most severe
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE IDs (Weakness Types)
CWE-1321

📦 Affected Products 1

Vendor Product Status Affected Versions
substack minimist Affected
< 1.2.6

🔗 References 6

https://github.com/Marynk/JavaScript-vulnerability-d...
Exploit Third Party Advisory
https://github.com/substack/minimist/blob/master/ind...
Exploit Third Party Advisory
https://github.com/substack/minimist/issues/164
Exploit Issue Tracking Patch Third Party Advisory
https://security.netapp.com/advisory/ntap-20240621-0...
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Exploit Not Applicable Patch Third Party Advisory
https://stackoverflow.com/questions/8588563/adding-c...
Issue Tracking Third Party Advisory

🔗 Related CVEs 1

CVE ID Severity CVSS EPSS Summary Published
CVE-2020-7598 🔶 medium 5.6 0.3 minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or ... 2020-03-11
These CVEs affect the same products