A vulnerability exists in Async through 3.2.1 (fixed in 3.2.2), which could let a malicious user obtain privileges via the mapValues() method.
CWE-1321
CVSSv2:
Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSSv3:
Base Score: HIGH (7.8)
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVE-2021-43138
References:
MISC - https://github.com/caolan/async/blob/master/lib/internal/iterator.js
MISC - https://github.com/caolan/async/blob/master/lib/mapValuesLimit.js
MISC - https://github.com/caolan/async/commit/e1ecdbf79264f9ab488c7799f4c76996d5dca66d
MISC - https://jsfiddle.net/oz5twjd9/
Vulnerable Software & Versions:
cpe:2.3:a:async_project:async:::::::: versions up to (excluding) 3.2.2