CVE-2021-3766
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2021-3766
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-3766.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2021-3766
- Aliases
- Published
- 2021-09-06T12:15:08Z
- Modified
- 2025-07-29T10:01:21.932003Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
objection.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
- References
Affected packages
Git / github.com/vincit/objection.js
Affected ranges
- Type
- GIT
- Repo
- https://github.com/vincit/objection.js
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
0.*
0.1.0
0.1.1
0.1.2
0.1.3
0.1.4
0.1.5
0.2.0
0.2.1
0.2.3
0.2.4
0.2.6
0.2.7
0.3.0
0.3.1
0.3.2
0.3.3
0.4.0
0.4.0-rc.4
0.5.0-alpha.1
0.5.0-alpha.2
0.5.0-rc.1
0.5.0-rc.2
0.5.0-rc.3
0.5.0-rc.4
0.5.0-rc.5
0.5.1
0.5.2
0.5.3
0.5.4
0.5.5
0.6.0
0.6.0-alpha.1
0.6.0-alpha.2
0.6.0-alpha.3
0.6.0-rc.1
0.6.0-rc.2
0.6.0-rc.3
0.6.0-rc.4
0.6.0-rc.5
0.6.0-rc.6
0.7.0
0.7.0-rc.1
0.7.0-rc.2
0.7.0-rc.3
0.7.1
0.7.10
0.7.11
0.7.12
0.7.2
0.7.3
0.7.4
0.7.5
0.7.6
0.7.8
0.7.9
0.8.0
0.8.0-rc.2
0.8.1
0.8.2
0.8.3
0.8.4
0.8.5
0.8.6
0.8.7
0.8.8
0.9.0
0.9.1
0.9.2
0.9.3
0.9.4
1.*
1.0.0
1.0.0-rc.10
1.0.0-rc.11
1.0.0-rc.12
1.0.0-rc.13
1.0.0-rc.2
1.0.0-rc.5
1.0.0-rc.6
1.0.0-rc.7
1.0.0-rc.8
1.0.0-rc.9
1.1.0
1.1.1
1.1.10
1.1.11
1.1.2
1.1.3
1.1.4
1.1.5
1.1.6
1.1.7
1.1.8
1.1.9
1.2.0
1.2.1
1.2.2
1.2.3
1.2.4
1.3.0
1.4.0
1.5.0
1.5.0-rc.1
1.5.0-rc.2
1.5.0-rc.3
1.5.0-rc.4
1.5.0-rc.5
1.5.1
1.5.2
1.5.3
1.6.0
1.6.0-rc.1
1.6.1
1.6.3
1.6.4
1.6.5
1.6.6
1.6.9
2.*
2.0-alpha.1
2.0-alpha.10
2.0-alpha.3
2.0-alpha.4
2.0-alpha.9
2.0-rc.1
2.0-rc.2
2.0.0
2.0.10
2.0.2
2.0.3
2.0.4
2.0.5
2.0.8
2.0.9
2.1.0
2.1.2
2.1.3
2.1.6
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.15
2.2.3
2.2.6
2.2.8
Other
list