Critical severityNVD Advisory· Published Mar 17, 2022· Updated Aug 4, 2024
CVE-2021-44906
CVE-2021-44906
Description
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
minimistnpm | >= 1.0.0, < 1.2.6 | 1.2.6 |
minimistnpm | < 0.2.4 | 0.2.4 |
Affected products
85- Minimist/Minimistdescription
- ghsa-coords84 versionspkg:npm/minimistpkg:rpm/almalinux/nodejspkg:rpm/almalinux/nodejs-develpkg:rpm/almalinux/nodejs-docspkg:rpm/almalinux/nodejs-full-i18npkg:rpm/almalinux/nodejs-libspkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/almalinux/npmpkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs10&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs12&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs14&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/nodejs8&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/nodejs8&distro=openSUSE%20Leap%2015.4pkg:rpm/suse/inter-server-sync&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%206pkg:rpm/suse/nodejs10&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-BCLpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs10&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/nodejs12&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs12&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs12&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs12&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/nodejs14&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP3pkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/nodejs14&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/nodejs14&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/nodejs14&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/nodejs14&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/release-notes-susemanager&distro=SUSE%20Manager%20Server%204.2pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Proxy%204.2pkg:rpm/suse/release-notes-susemanager-proxy&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.2pkg:rpm/suse/salt-netapi-client&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/smdba&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacecmd&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Proxy%20Module%204.2pkg:rpm/suse/supportutils-plugin-salt&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/susemanager-sync-data&distro=SUSE%20Manager%20Server%20Module%204.2pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.2
>= 1.0.0, < 1.2.6+ 83 more
- (no CPE)range: >= 1.0.0, < 1.2.6
- (no CPE)range: < 1:16.18.1-3.module_el8.7.0+3371+ed8c43db
- (no CPE)range: < 1:16.18.1-3.module_el8.7.0+3371+ed8c43db
- (no CPE)range: < 1:16.18.1-3.module_el8.7.0+3371+ed8c43db
- (no CPE)range: < 1:16.18.1-3.module_el8.7.0+3371+ed8c43db
- (no CPE)range: < 1:16.18.1-3.el9_1
- (no CPE)range: < 2.0.20-2.module_el8.7.0+3371+ed8c43db
- (no CPE)range: < 25-1.module_el8.5.0+2605+45d748af
- (no CPE)range: < 1:8.19.2-1.16.18.1.3.module_el8.7.0+3371+ed8c43db
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 8.17.0-150200.10.22.1
- (no CPE)range: < 8.17.0-150200.10.22.1
- (no CPE)range: < 0.2.2-150300.8.17.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 10.24.1-150000.1.44.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-1.48.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 12.22.12-150200.4.32.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-6.28.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 14.19.1-150200.15.31.1
- (no CPE)range: < 0.6.2-150300.3.14.1
- (no CPE)range: < 4.2.7-150300.3.44.1
- (no CPE)range: < 4.2.7-150300.3.31.2
- (no CPE)range: < 4.2.7-150300.3.31.2
- (no CPE)range: < 0.19.0-150300.3.6.1
- (no CPE)range: < 1.7.10-0.150300.3.6.1
- (no CPE)range: < 4.2.17-150300.4.21.4
- (no CPE)range: < 4.2.17-150300.4.21.4
- (no CPE)range: < 4.2.22-150300.4.23.1
- (no CPE)range: < 4.2.22-150300.4.23.1
- (no CPE)range: < 4.2.16-150300.3.18.3
- (no CPE)range: < 4.2.16-150300.3.18.3
- (no CPE)range: < 4.2.38-150300.3.35.1
- (no CPE)range: < 4.2.16-150300.3.15.5
- (no CPE)range: < 4.2.27-150300.3.21.7
- (no CPE)range: < 4.2.27-150300.3.21.7
- (no CPE)range: < 1.2.0-150300.3.3.1
- (no CPE)range: < 1.2.0-150300.3.3.1
- (no CPE)range: < 4.2.32-150300.3.31.1
- (no CPE)range: < 4.2-150300.12.27.6
- (no CPE)range: < 4.2-150300.12.27.1
- (no CPE)range: < 4.2.22-150300.3.21.6
- (no CPE)range: < 4.2.23-150300.3.25.4
- (no CPE)range: < 4.2.12-150300.3.18.3
- (no CPE)range: < 1.0.23-150300.3.3.1
Patches
Vulnerability mechanics
References
16- github.com/advisories/GHSA-xvch-5gv4-984hghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-44906ghsaADVISORY
- github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zipghsaWEB
- github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703ghsaWEB
- github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70ebghsaWEB
- github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4dghsaWEB
- github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11ghsaWEB
- github.com/minimistjs/minimist/commits/v0.2.4ghsaWEB
- github.com/minimistjs/minimist/issues/11ghsaWEB
- github.com/minimistjs/minimist/pull/24ghsaWEB
- github.com/substack/minimist/blob/master/index.jsghsaWEB
- github.com/substack/minimist/issues/164ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006ghsaWEB
- snyk.io/vuln/SNYK-JS-MINIMIST-559764ghsaWEB
- stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068ghsaWEB
- security.netapp.com/advisory/ntap-20240621-0006/mitre
News mentions
0No linked articles in our index yet.