[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2021-43138":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":99,"aliases":109,"duplicate_of":9,"upstream":111,"downstream":112,"duplicates":139,"related":140,"reserved_at":9,"published_at":154,"modified_at":155,"state":156,"summary":157,"references_raw":165,"kevs":256,"epss":257,"epss_history":260,"metrics":518,"affected":533},"CVE-2021-43138","In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.",null,[11,93],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],{"_key":94,"id":94,"name":95,"description":96,"type":15,"status":16,"abstraction":97,"likelihood_of_exploit":9,"capec":98},"CWE-915","Improperly Controlled Modification of Dynamically-Determined Object Attributes","The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.","Base",[],[100],{"_key":101,"name":102,"source":103,"url":104,"maturity":105,"reliability_score":106,"verified":107,"type":9,"platforms":108,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_158DACD817EBC89D","Exploit Reference (jsfiddle.net)","reference","https://jsfiddle.net/oz5twjd9/","unknown",0.2,false,[],[110],"GHSA-fwr7-v2mv-hh25",[],[113,115,117,119,121,123,125,127,129,131,133,135,137],{"_key":114},"SUSE-SU-2024:0487-1",{"_key":116},"OPENSUSE-SU-2024:12723-1",{"_key":118},"SUSE-SU-2022:3313-1",{"_key":120},"SUSE-SU-2022:3314-1",{"_key":122},"SUSE-SU-2022:3761-1",{"_key":124},"SUSE-SU-2023:2579-1",{"_key":126},"SUSE-SU-2024:0191-1",{"_key":128},"SUSE-SU-2024:0196-1",{"_key":130},"SUSE-SU-2024:0486-1",{"_key":132},"SUSE-RU-2024:0511-1",{"_key":134},"SUSE-SU-2023:2575-1",{"_key":136},"SUSE-SU-2023:2578-1",{"_key":138},"MGASA-2025-0194",[],[141,142,143,144,145,146,147,148,149,150,151,152,153],{"_key":114},{"_key":116},{"_key":118},{"_key":120},{"_key":122},{"_key":124},{"_key":126},{"_key":128},{"_key":130},{"_key":132},{"_key":134},{"_key":136},{"_key":138},"2022-04-06T00:00:00.000Z","2024-08-04T03:47:13.575Z","Modified",{"cisa_kev":107,"cisa_ransomware":107,"cisa_vendor":9,"epss_severity":158,"epss_score":159,"severity":160,"severity_score":161,"severity_version":162,"severity_source":163,"severity_vector":164,"severity_status":156},"low",0.00657,"high",7.8,"v3.1","nvd","CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",[166,174,178,182,187,192,196,200,205,209,213,218,222,227,231,235,239,243,247,251],{"url":167,"sources":168,"tags":171},"https://github.com/caolan/async/blob/master/lib/internal/iterator.js",[169,163,170],"cve.org","osv_npm",[172,173],"Third Party Advisory","WEB",{"url":175,"sources":176,"tags":177},"https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js",[169,163,170],[172,173],{"url":104,"sources":179,"tags":180},[169,163],[181,172],"Exploit",{"url":183,"sources":184,"tags":185},"https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d",[169,163,170],[186,172,173],"Patch",{"url":188,"sources":189,"tags":190},"https://github.com/caolan/async/blob/v2.6.4/CHANGELOG.md#v264",[169,163,170],[191,172,173],"Release Notes",{"url":193,"sources":194,"tags":195},"https://github.com/caolan/async/pull/1828",[169,163,170],[186,172,173],{"url":197,"sources":198,"tags":199},"https://github.com/caolan/async/compare/v2.6.3...v2.6.4",[169,163,170],[186,172,173],{"url":201,"sources":202,"tags":203},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3/",[169,163],[204],"Vendor Advisory",{"url":206,"sources":207,"tags":208},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK/",[169,163],[204],{"url":210,"sources":211,"tags":212},"https://security.netapp.com/advisory/ntap-20240621-0006/",[169,163],[],{"url":214,"sources":215,"tags":216},"https://nvd.nist.gov/vuln/detail/CVE-2021-43138",[170],[217],"Advisory",{"url":219,"sources":220,"tags":221},"https://github.com/caolan/async/commit/8f7f90342a6571ba1c197d747ebed30c368096d2",[170],[173],{"url":223,"sources":224,"tags":225},"https://github.com/caolan/async",[170],[226],"PACKAGE",{"url":228,"sources":229,"tags":230},"https://jsfiddle.net/oz5twjd9",[170],[173],{"url":232,"sources":233,"tags":234},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3",[170],[173],{"url":236,"sources":237,"tags":238},"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK",[170],[173],{"url":240,"sources":241,"tags":242},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTEUUTNIEBHGKUKKLNUZSV7IEP6IP3Q3",[170],[173],{"url":244,"sources":245,"tags":246},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UM6XJ73Q3NAM5KSGCOKJ2ZIA6GUWUJLK",[170],[173],{"url":248,"sources":249,"tags":250},"https://security.netapp.com/advisory/ntap-20240621-0006",[170],[173],{"url":252,"sources":253,"tags":255},"https://www.wordfence.com/threat-intel/vulnerabilities/id/361315ff-99ef-4fb2-946f-8ccc307bd3be",[254],"wordfence",[204],[],{"date":258,"score":159,"percentile":259},"2026-06-04",0.71429,[261,265,268,271,274,277,280,283,285,288,291,294,297,300,303,307,310,313,316,319,321,324,327,330,333,335,337,339,343,346,349,352,354,357,359,362,365,368,371,374,377,379,382,385,388,391,394,397,400,403,406,409,412,414,417,420,423,426,429,432,435,437,440,443,446,449,452,455,458,461,464,467,470,473,476,479,481,483,485,488,491,494,497,500,502,505,507,510,513,515],{"date":262,"score":263,"percentile":264},"2025-11-04",0.00706,0.71345,{"date":266,"score":263,"percentile":267},"2025-11-05",0.71329,{"date":269,"score":263,"percentile":270},"2025-11-06",0.71327,{"date":272,"score":263,"percentile":273},"2025-11-07",0.71343,{"date":275,"score":263,"percentile":276},"2025-11-08",0.71342,{"date":278,"score":263,"percentile":279},"2025-11-09",0.71336,{"date":281,"score":263,"percentile":282},"2025-11-10",0.71322,{"date":284,"score":263,"percentile":267},"2025-11-11",{"date":286,"score":263,"percentile":287},"2025-11-12",0.71352,{"date":289,"score":263,"percentile":290},"2025-11-13",0.7136,{"date":292,"score":263,"percentile":293},"2025-11-14",0.71367,{"date":295,"score":263,"percentile":296},"2025-11-15",0.71368,{"date":298,"score":263,"percentile":299},"2025-11-16",0.71365,{"date":301,"score":263,"percentile":302},"2025-11-17",0.71359,{"date":304,"score":305,"percentile":306},"2025-11-18",0.01418,0.7891,{"date":308,"score":305,"percentile":309},"2025-11-19",0.78917,{"date":311,"score":305,"percentile":312},"2025-11-20",0.78925,{"date":314,"score":263,"percentile":315},"2025-11-21",0.71385,{"date":317,"score":263,"percentile":318},"2025-11-22",0.71378,{"date":320,"score":263,"percentile":290},"2025-11-23",{"date":322,"score":263,"percentile":323},"2025-11-24",0.71353,{"date":325,"score":263,"percentile":326},"2025-11-25",0.71356,{"date":328,"score":263,"percentile":329},"2025-11-26",0.71361,{"date":331,"score":263,"percentile":332},"2025-11-27",0.71363,{"date":334,"score":263,"percentile":287},"2025-11-28",{"date":336,"score":263,"percentile":276},"2025-11-29",{"date":338,"score":263,"percentile":279},"2025-11-30",{"date":340,"score":341,"percentile":342},"2025-12-01",0.00442,0.62611,{"date":344,"score":341,"percentile":345},"2025-12-02",0.62627,{"date":347,"score":341,"percentile":348},"2025-12-03",0.62631,{"date":350,"score":263,"percentile":351},"2025-12-04",0.71341,{"date":353,"score":263,"percentile":287},"2025-12-05",{"date":355,"score":263,"percentile":356},"2025-12-06",0.71355,{"date":358,"score":263,"percentile":302},"2025-12-07",{"date":360,"score":263,"percentile":361},"2025-12-08",0.71364,{"date":363,"score":263,"percentile":364},"2025-12-09",0.71393,{"date":366,"score":263,"percentile":367},"2025-12-10",0.71428,{"date":369,"score":263,"percentile":370},"2025-12-11",0.7145,{"date":372,"score":263,"percentile":373},"2025-12-12",0.71474,{"date":375,"score":263,"percentile":376},"2025-12-13",0.7148,{"date":378,"score":263,"percentile":376},"2025-12-14",{"date":380,"score":263,"percentile":381},"2025-12-15",0.71477,{"date":383,"score":263,"percentile":384},"2025-12-16",0.71486,{"date":386,"score":263,"percentile":387},"2025-12-17",0.71501,{"date":389,"score":263,"percentile":390},"2025-12-18",0.71519,{"date":392,"score":263,"percentile":393},"2025-12-19",0.71537,{"date":395,"score":263,"percentile":396},"2025-12-20",0.71535,{"date":398,"score":263,"percentile":399},"2025-12-21",0.71528,{"date":401,"score":263,"percentile":402},"2025-12-22",0.71527,{"date":404,"score":263,"percentile":405},"2025-12-23",0.71524,{"date":407,"score":263,"percentile":408},"2025-12-24",0.71529,{"date":410,"score":263,"percentile":411},"2025-12-25",0.71557,{"date":413,"score":263,"percentile":411},"2025-12-26",{"date":415,"score":263,"percentile":416},"2025-12-27",0.71592,{"date":418,"score":263,"percentile":419},"2025-12-28",0.71531,{"date":421,"score":263,"percentile":422},"2025-12-29",0.7153,{"date":424,"score":263,"percentile":425},"2025-12-30",0.71545,{"date":427,"score":263,"percentile":428},"2025-12-31",0.71566,{"date":430,"score":341,"percentile":431},"2026-01-01",0.62888,{"date":433,"score":341,"percentile":434},"2026-01-02",0.62873,{"date":436,"score":341,"percentile":434},"2026-01-03",{"date":438,"score":263,"percentile":439},"2026-01-04",0.71571,{"date":441,"score":263,"percentile":442},"2026-01-05",0.71567,{"date":444,"score":263,"percentile":445},"2026-01-06",0.71577,{"date":447,"score":263,"percentile":448},"2026-01-07",0.71591,{"date":450,"score":263,"percentile":451},"2026-01-08",0.71607,{"date":453,"score":263,"percentile":454},"2026-01-09",0.71614,{"date":456,"score":263,"percentile":457},"2026-01-10",0.71611,{"date":459,"score":263,"percentile":460},"2026-01-11",0.71605,{"date":462,"score":263,"percentile":463},"2026-01-12",0.71598,{"date":465,"score":263,"percentile":466},"2026-01-13",0.71596,{"date":468,"score":263,"percentile":469},"2026-01-14",0.71619,{"date":471,"score":263,"percentile":472},"2026-01-15",0.71624,{"date":474,"score":263,"percentile":475},"2026-01-16",0.7164,{"date":477,"score":263,"percentile":478},"2026-01-17",0.71634,{"date":480,"score":263,"percentile":457},"2026-01-18",{"date":482,"score":263,"percentile":460},"2026-01-19",{"date":484,"score":263,"percentile":454},"2026-01-20",{"date":486,"score":263,"percentile":487},"2026-01-21",0.71618,{"date":489,"score":263,"percentile":490},"2026-01-22",0.71628,{"date":492,"score":263,"percentile":493},"2026-01-23",0.71658,{"date":495,"score":263,"percentile":496},"2026-01-24",0.71664,{"date":498,"score":263,"percentile":499},"2026-01-25",0.71642,{"date":501,"score":263,"percentile":475},"2026-01-26",{"date":503,"score":263,"percentile":504},"2026-01-27",0.71641,{"date":506,"score":263,"percentile":493},"2026-01-28",{"date":508,"score":263,"percentile":509},"2026-01-29",0.71657,{"date":511,"score":263,"percentile":512},"2026-01-30",0.71662,{"date":514,"score":263,"percentile":496},"2026-01-31",{"date":516,"score":341,"percentile":517},"2026-02-01",0.62923,[519,529,531],{"source":163,"cvss_v2_0":520,"cvss_v3_0":9,"cvss_v3_1":525,"cvss_v4_0":9},{"baseScore":521,"baseSeverity":9,"vectorString":522,"impactScore":523,"exploitabilityScore":524},6.8,"AV:N/AC:M/Au:N/C:P/I:P/A:P",6.4,8.6,{"baseScore":161,"baseSeverity":526,"vectorString":164,"impactScore":527,"exploitabilityScore":528},"HIGH",9.8,4.6,{"source":170,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":530,"cvss_v4_0":9},{"baseScore":161,"baseSeverity":9,"vectorString":164,"impactScore":527,"exploitabilityScore":528},{"source":254,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":532,"cvss_v4_0":9},{"baseScore":161,"baseSeverity":526,"vectorString":164,"impactScore":527,"exploitabilityScore":528},[534,550,559,569],{"ecosystem":9,"name":535,"vendor":536,"product":535,"cpe_part":537,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":538},"async","async_project","a",[539,545],{"version":540,"is_range":541,"range_type":542,"version_start":9,"version_start_type":9,"version_end":543,"version_end_type":544,"fixed_in":9},"lt2.6.4",true,"cpe","2.6.4","excluding",{"version":546,"is_range":541,"range_type":542,"version_start":547,"version_start_type":548,"version_end":549,"version_end_type":544,"fixed_in":9},"gte3.0.0_lt3.2.2","3.0.0","including","3.2.2",{"ecosystem":9,"name":551,"vendor":552,"product":551,"cpe_part":553,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":554},"fedora","fedoraproject","o",[555,557],{"version":556,"is_range":107,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"36",{"version":558,"is_range":107,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"37",{"ecosystem":560,"name":535,"vendor":560,"product":535,"cpe_part":9,"purl_type":561,"purl_namespace":9,"purl_name":535,"source":9,"versions":562},"Npm","npm",[563,566],{"version":564,"is_range":541,"range_type":565,"version_start":547,"version_start_type":548,"version_end":549,"version_end_type":544,"fixed_in":9},"gte3_0_0_lt3_2_2","semver",{"version":567,"is_range":541,"range_type":565,"version_start":568,"version_start_type":548,"version_end":543,"version_end_type":544,"fixed_in":9},"gte2_0_0_lt2_6_4","2.0.0",{"ecosystem":9,"name":570,"vendor":571,"product":572,"cpe_part":537,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":573},"Insert Special Characters","wordpress","insert-special-characters",[574],{"version":575,"is_range":541,"range_type":254,"version_start":9,"version_start_type":9,"version_end":576,"version_end_type":548,"fixed_in":577},">=*,\u003C=1.0.4","1.0.4","1.0.5"]