What is GHSA-xvch-5gv4-984h?

Prototype Pollution in minimist This vulnerability has been assigned a severity rating of CRITICAL.

How do I check if my project is affected by GHSA-xvch-5gv4-984h?

Use GeekWala's free vulnerability scanner to check your dependencies against GHSA-xvch-5gv4-984h and 200,000+ other known vulnerabilities. Upload your package.json, requirements.txt, or other dependency file to get instant results.

GHSA-xvch-5gv4-984h

CRITICAL

Prototype Pollution in minimist

Published March 18, 2022Updated January 14, 2025Source: osv

Details

Minimist prior to 1.2.6 and 0.2.4 is vulnerable to Prototype Pollution via file `index.js`, function `setKey()` (lines 69-95).

Remediation

Upgrade to the fixed version using your package manager.

npm

Update minimist to 1.2.6 or later

npm install minimist@1.2.6

npm

Update minimist to 0.2.4 or later

npm install minimist@0.2.4

After upgrading, run your dependency scanner again to confirm the vulnerability is resolved.

Affected Packages (2)

Package	Ecosystem	Affected	Fixed In
minimist	npm	All versions	1.2.6
minimist	npm	All versions	0.2.4

Vulnerability Classification

Common Weakness Enumeration (CWE) identifiers for this vulnerability type.

CWE-1321
Prototype PollutionMITRE

CVSS Score Breakdown

What the CVSS (Common Vulnerability Scoring System) 3.1 score means for each attack dimension.

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References

Risk Assessment

CVSS Score

3.1

Exploitation is difficult or impact is minor. Address in your next planned update.

EPSS Score (30-day exploit probability)

0.88%

Higher than 75% of vulnerabilities

Also Known As

CVE-2021-44906

Check if you're affected

Scan your dependencies to see if this vulnerability affects your projects.

Scan Your Dependencies