CVE-2021-44906 - Remote Code Execution (RCE)
Severity: Low
2022-04-14
Abstract
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
The Oxygen products incorporate Minimist as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.
Affected Products/Versions
Product | Severity | Fixed Release Availability |
Oxygen Feedback Enterprise v2.0.2 and older | Low | Oxygen Feedback Enterprise 2.1 build 2022041216 |
Detail
CVE-2021-44906
Severity: Critical
CVSS Score: 9.8
The version of the Minimist third-party library used by Oxygen XML products is one of the affected versions listed in the CVE-2021-44906 vulnerability description. However, the Oxygen Feedback product does not pass data from untrusted sources to this library. For that reason, we have rated the severity level for our products as low.
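The following added example (not Minimist or Oxygen code) illustrates the class of flaw named in the abstract: a dotted-key setter that walks caller-supplied path segments, shown unguarded and then hardened. The function names, the blocked-key list, and the marker property are assumptions made for this illustration.

```javascript
// Simplified illustration of a dotted-key setter; NOT Minimist's actual setKey().
// All names here are hypothetical.

// Unguarded: follows every path segment, including ones that resolve
// to Object.prototype, so a write can land on the shared prototype.
function setKeyUnsafe(obj, keys, value) {
  let o = obj;
  for (const key of keys.slice(0, -1)) {
    if (o[key] === undefined) o[key] = {};
    o = o[key];
  }
  o[keys[keys.length - 1]] = value;
}

// Hardened: reject any segment that can reach a prototype, and only
// descend into own properties that are plain objects.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

function setKeySafe(obj, keys, value) {
  if (keys.some((k) => BLOCKED.has(k))) return false;
  let o = obj;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(o, key);
    if (!own || typeof o[key] !== 'object' || o[key] === null) o[key] = {};
    o = o[key];
  }
  o[keys[keys.length - 1]] = value;
  return true;
}

// Regression check: returns true if setting `path` through `setter`
// makes the value visible on an unrelated, freshly created object.
function pollutes(setter, path) {
  const marker = 'constructedMarker'; // constructed sample property name
  setter({}, path.split('.'), true);
  const leaked = ({})[marker] === true;
  delete Object.prototype[marker]; // clean up so later checks start fresh
  return leaked;
}
```

A check like `pollutes` can be kept as a regression test around any option or argument parser that receives input from outside the trust boundary, which is the precondition the advisory's severity rating depends on.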