Affected from CVE-2021-43138

[CVE-2021-43138](http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-43138)

A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2) , which could let a malicious user obtain privileges via the mapValues() method.

CWE-1321

CVSSv2:
Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References:
MISC - https://github.com/caolan/async/blob/master/lib/internal/iterator.js
MISC - https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js
MISC - https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d
MISC - https://jsfiddle.net/oz5twjd9/
Vulnerable Software & Versions:

[cpe:2.3:a:async_project:async:*:*:*:*:*:*:*:* versions up to (excluding) 3.2.2](https://web.nvd.nist.gov/view/vuln/search-results?adv_search=true&cves=on&cpe_version=cpe%3A%2Fa%3Aasync_project%3Aasync)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Affected from CVE-2021-43138 #9

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Affected from CVE-2021-43138 #9

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions