{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T13:01:37.253","vulnerabilities":[{"cve":{"id":"CVE-2022-21213","sourceIdentifier":"report@snyk.io","published":"2022-06-17T20:15:10.363","lastModified":"2024-11-21T06:44:07.683","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544)."},{"lang":"es","value":"Esto afecta a todas las versiones del paquete mout. La función deepFillIn puede usarse para \"rellenar recursivamente las propiedades que faltan\", mientras que la deepMixIn mezcla objetos en el objeto de destino, mezclando también recursivamente los objetos hijos existentes. En ambos casos, la clave usada para acceder al objeto de destino de forma recursiva no es comprobada, conllevando a una explotación de esta vulnerabilidad. **Nota:** Esta vulnerabilidad deriva de una corrección incompleta de [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544)"}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","baseScore":7.5,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:N/A:P","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:moutjs:mout:*:*:*:*:*:node.js:*:*","matchCriteriaId":"FDEEC98C-3F51-4855-8FF1-8F79D58DFF31"}]}]}],"references":[{"url":"https://github.com/mout/mout/blob/master/src/object/deepFillIn.js","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mout/mout/blob/master/src/object/deepMixIn.js","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-MOUT-2342654","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mout/mout/blob/master/src/object/deepFillIn.js","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/mout/mout/blob/master/src/object/deepMixIn.js","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2870623","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2870622","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-MOUT-2342654","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}