CVE-2021-43138 - Privilege escalation vulnerability
Severity: High2022-10-13
Abstract
In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
The Oxygen products incorporate Async as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Content Fusion v4.1.6 and older | High | Oxygen Content Fusion 5.0 build 2022052605 |