VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-qx7e-cw3h-aaaq

Essentials
Severities (126)
References (39)
Severity details (35)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-qx7e-cw3h-aaaq
Aliases	CVE-2021-44906 GHSA-xvch-5gv4-984h
Summary	Prototype Pollution in minimist Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
Status	Published
Exploitability	0.5
Weighted Severity	9.0
Risk	4.5
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:1739
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:4914
rhas	Important	https://access.redhat.com/errata/RHSA-2022:5069
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5892
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5893
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5894
rhas	Moderate	https://access.redhat.com/errata/RHSA-2022:5928
cvssv3	3.1	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json
cvssv3	9.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json
epss	0.00651	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00651	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00652	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00756	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00767	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.00837	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.01134	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.02255	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.02255	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.02255	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.02255	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.03864	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04199	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04199	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04199	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04199	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04199	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04607	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04607	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04607	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
epss	0.04607	https://api.first.org/data/v1/epss?cve=CVE-2021-44906
rhbs	medium	https://bugzilla.redhat.com/show_bug.cgi?id=2066009
cvssv3.1	5.6	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1_qr	CRITICAL	https://github.com/advisories/GHSA-xvch-5gv4-984h
cvssv3.1	9.8	https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
generic_textual	CRITICAL	https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
cvssv3.1	9.8	https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703
cvssv3.1	9.8	https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb
cvssv3.1	9.8	https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d
cvssv3.1	9.8	https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11
cvssv3.1	9.8	https://github.com/minimistjs/minimist/commits/v0.2.4
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/commits/v0.2.4
cvssv3.1	9.8	https://github.com/minimistjs/minimist/issues/11
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/issues/11
cvssv3.1	9.8	https://github.com/minimistjs/minimist/pull/24
generic_textual	CRITICAL	https://github.com/minimistjs/minimist/pull/24
cvssv3.1	9.8	https://github.com/substack/minimist
generic_textual	CRITICAL	https://github.com/substack/minimist
cvssv3.1	9.8	https://github.com/substack/minimist/blob/master/index.js#L69
generic_textual	CRITICAL	https://github.com/substack/minimist/blob/master/index.js#L69
cvssv3.1	9.8	https://github.com/substack/minimist/issues/164
generic_textual	CRITICAL	https://github.com/substack/minimist/issues/164
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2021-44906
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-44906
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2021-44906
cvssv3.1	6.5	https://security.netapp.com/advisory/ntap-20240621-0006
generic_textual	MODERATE	https://security.netapp.com/advisory/ntap-20240621-0006
cvssv3.1	9.8	https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
generic_textual	CRITICAL	https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
cvssv3.1	9.8	https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
generic_textual	CRITICAL	https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json
		https://api.first.org/data/v1/epss?cve=CVE-2021-44906
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44906
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip
		https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703
		https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb
		https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d
		https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11
		https://github.com/minimistjs/minimist/commits/v0.2.4
		https://github.com/minimistjs/minimist/issues/11
		https://github.com/minimistjs/minimist/pull/24
		https://github.com/substack/minimist
		https://github.com/substack/minimist/blob/master/index.js#L69
		https://github.com/substack/minimist/issues/164
		https://security.netapp.com/advisory/ntap-20240621-0006
		https://security.netapp.com/advisory/ntap-20240621-0006/
		https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
		https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068
2066009		https://bugzilla.redhat.com/show_bug.cgi?id=2066009
cpe:2.3:a:substack:minimist::::::node.js::*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:substack:minimist::::::node.js::*
CVE-2021-44906		https://nvd.nist.gov/vuln/detail/CVE-2021-44906
GHSA-xvch-5gv4-984h		https://github.com/advisories/GHSA-xvch-5gv4-984h
RHSA-2022:1739		https://access.redhat.com/errata/RHSA-2022:1739
RHSA-2022:4914		https://access.redhat.com/errata/RHSA-2022:4914
RHSA-2022:5069		https://access.redhat.com/errata/RHSA-2022:5069
RHSA-2022:5892		https://access.redhat.com/errata/RHSA-2022:5892
RHSA-2022:5893		https://access.redhat.com/errata/RHSA-2022:5893
RHSA-2022:5894		https://access.redhat.com/errata/RHSA-2022:5894
RHSA-2022:5928		https://access.redhat.com/errata/RHSA-2022:5928
RHSA-2022:7044		https://access.redhat.com/errata/RHSA-2022:7044
RHSA-2022:8652		https://access.redhat.com/errata/RHSA-2022:8652
RHSA-2022:9073		https://access.redhat.com/errata/RHSA-2022:9073
RHSA-2023:0050		https://access.redhat.com/errata/RHSA-2023:0050
RHSA-2023:0321		https://access.redhat.com/errata/RHSA-2023:0321
RHSA-2023:0612		https://access.redhat.com/errata/RHSA-2023:0612
RHSA-2023:1533		https://access.redhat.com/errata/RHSA-2023:1533
RHSA-2023:1742		https://access.redhat.com/errata/RHSA-2023:1742
RHSA-2025:1747		https://access.redhat.com/errata/RHSA-2025:1747

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-44906.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/commit/34e20b8461118608703d6485326abbb8e35e1703

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/commit/bc8ecee43875261f4f17eb20b1243d3ed15e70eb

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/commit/c2b981977fa834b223b408cfb860f933c9811e4d

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/commit/ef9153fc52b6cea0744b2239921c5dcae4697f11

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/commits/v0.2.4

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/issues/11

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/minimistjs/minimist/pull/24

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/substack/minimist

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/substack/minimist/blob/master/index.js#L69

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://github.com/substack/minimist/issues/164

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Exploitability (E)

Access Vector (AV)

Access Complexity (AC)

Authentication (Au)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-44906

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N Found at https://security.netapp.com/advisory/ntap-20240621-0006

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://snyk.io/vuln/SNYK-JS-MINIMIST-559764

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.68555
EPSS Score	0.00651
Published At	April 2, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.