async — CVE history (npm)
async
1 CVEs affect the async npm package (highest CVSS 7.8). Latest disclosed: 2022-04-06. Full CVE history sourced from NVD.
Summary
- Package
async(npm)- Total CVEs
1- Actively exploited (CISA KEV)
- 0
- Highest CVSS
7.8- Latest disclosed
- 2022-04-06
Recent CVEs (top 1)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-43138 | High | 7.8 | — | 2022-04-06 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
CVE-2021-43138 | High | 7.8 | — | 2022-04-06 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. |