Releases65
Frequency1 month 2 hours
Last Release
Primitives for loading parts of an application asynchronously

CVE History

CVEAffectedPublishedCVSS v3CVSS v2
< 2.6.4, >= 3.0.0, < 3.2.27.8 HIGH6.8 MEDIUM

In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.