← Back

Substack

substack

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Minimist
minimist
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-44906
1Substack
1Minimist
Nov 21, 2024
Mar 17, 2022
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
CVE-2020-7598
2Opensuse
Substack
2Leap
Minimist
Nov 21, 2024
Mar 11, 2020
N/A· v4
5.6 MEDIUM· v3
6.8 MEDIUM· v2
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.