Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:npm/think-helper@1.0.1
Typenpm
Namespace
Namethink-helper
Version1.0.1
Qualifiers
Subpath
Is_vulnerabletrue
Next_non_vulnerable_version1.1.3
Latest_non_vulnerable_version1.1.3
Affected_by_vulnerabilities
0
url VCID-gbkh-ez7b-w3dx
vulnerability_id VCID-gbkh-ez7b-w3dx
summary 
Prototype Pollution in think-helper
### Impact

The software receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

### Patches

`think-helper@1.1.3` patched it, anyone used `think-helper` should upgrade to `>=1.1.3` version.

### References

https://cwe.mitre.org/data/definitions/1321.html

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [thinkjs/thinkjs](https://github.com/thinkjs/thinkjs)
* Email us at [i@imnerd.org](mailto:i@imnerd.org)
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-32736
reference_id
reference_type
scores
0
value 0.00212
scoring_system epss
scoring_elements 0.43732
published_at 2026-06-09T12:55:00Z
1
value 0.00212
scoring_system epss
scoring_elements 0.437
published_at 2026-06-04T12:55:00Z
2
value 0.00212
scoring_system epss
scoring_elements 0.43771
published_at 2026-06-05T12:55:00Z
3
value 0.00212
scoring_system epss
scoring_elements 0.4378
published_at 2026-06-06T12:55:00Z
4
value 0.00212
scoring_system epss
scoring_elements 0.43757
published_at 2026-06-07T12:55:00Z
5
value 0.00212
scoring_system epss
scoring_elements 0.43722
published_at 2026-06-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-32736
1
reference_url https://github.com/thinkjs/think-helper
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thinkjs/think-helper
2
reference_url https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcp
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/thinkjs/think-helper/security/advisories/GHSA-vr5m-3h59-7jcp
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32736
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2021-32736
4
reference_url https://github.com/advisories/GHSA-vr5m-3h59-7jcp
reference_id GHSA-vr5m-3h59-7jcp
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vr5m-3h59-7jcp
fixed_packages
0
url pkg:npm/think-helper@1.1.3
purl pkg:npm/think-helper@1.1.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/think-helper@1.1.3
aliases CVE-2021-32736, GHSA-vr5m-3h59-7jcp
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gbkh-ez7b-w3dx
Fixing_vulnerabilities
Risk_score4.0
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:npm/think-helper@1.0.1