High severity8.1NVD Advisory· Published Aug 24, 2021· Updated Jun 17, 2026
CVE-2021-23406
CVE-2021-23406
Description
This affects the package pac-resolver before 5.0.0. This can occur when used with untrusted input, due to unsafe PAC file handling. NOTE: The fix for this vulnerability is applied in the node-degenerator library, a dependency written by the same maintainer.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pac-resolvernpm | < 5.0.0 | 5.0.0 |
degeneratornpm | < 3.0.1 | 3.0.1 |
Affected products
3- pac-resolver/pac-resolverdescription
- ghsa-coords2 versions
< 3.0.1+ 1 more
- (no CPE)range: < 3.0.1
- (no CPE)range: < 5.0.0
Patches
Vulnerability mechanics
References
7- github.com/TooTallNate/node-degenerator/commit/9d25bb67d957bc2e5425fea7bf7a58b3fc64ff9envdPatchThird Party AdvisoryWEB
- github.com/TooTallNate/node-degenerator/commit/ccc3445354135398b6eb1a04c7d27c13b833f2d5nvdPatchThird Party AdvisoryWEB
- github.com/TooTallNate/node-pac-resolver/releases/tag/5.0.0nvdPatchRelease NotesThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1568506nvdExploitPatchThird Party AdvisoryWEB
- snyk.io/vuln/SNYK-JS-PACRESOLVER-1564857nvdExploitPatchThird Party AdvisoryWEB
- github.com/advisories/GHSA-9j49-mfvp-vmhmghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23406ghsaADVISORY
News mentions
0No linked articles in our index yet.