CVE-2021-44906 - Remote Code Execution (RCE)

Severity: Low

2022-04-14

Abstract

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

The Oxygen products incorporate Minimist as a third-party library. This advisory was opened to address the potential impact of this third-party library vulnerability.

Affected Products/Versions

| Product | Severity | Fixed Release Availability |
|---|---|---|
| Oxygen Feedback Enterprise v2.0.2 and older | Low | Oxygen Feedback Enterprise 2.1 build 2022041216 |

Mitigation

None

Detail

CVE-2021-44906

Severity: Critical

CVSS Score: 9.8

The version of the Minimist third-party library used by Oxygen XML products is one of the affected versions mentioned in the CVE-2021-44906 vulnerability description. However, the Oxygen Feedback product does not pass data from untrusted sources to this library. For that reason, we have rated the severity level for our products as low.
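To check whether a Node.js project still ships a copy of Minimist in the range this advisory names (<=1.2.5), the following added example walks an npm lockfile and reports every matching entry, including copies nested under other packages. It is not Oxygen or Minimist code; the function names, the npm v2/v3 `packages` lockfile layout and the sample lockfile are assumptions made for illustration.

```javascript
// Added example: flag every installed copy of minimist at or below 1.2.5,
// the affected range as stated in this advisory.
// Assumption: npm lockfile v2/v3 layout, where "packages" maps install paths to metadata.
const LAST_AFFECTED = [1, 2, 5];

// Parse "1.2.5" or "1.2.5-beta" into [major, minor, patch]; null if malformed.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1, 4).map(Number) : null;
}

// True when the version is <= 1.2.5. Unparseable versions count as affected
// so that they are surfaced for manual review instead of silently passing.
function isAffected(version) {
  const parts = parseVersion(version);
  if (!parts) return true;
  for (let i = 0; i < 3; i++) {
    if (parts[i] !== LAST_AFFECTED[i]) return parts[i] < LAST_AFFECTED[i];
  }
  return true; // exactly 1.2.5
}

// Return [{ path, version }] for each affected minimist entry, nested copies included.
function findAffectedMinimist(lock) {
  const hits = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    const isMinimist =
      path === 'node_modules/minimist' || path.endsWith('/node_modules/minimist');
    if (isMinimist && isAffected(meta.version)) {
      hits.push({ path, version: meta.version });
    }
  }
  return hits;
}

// Constructed sample lockfile (not taken from any real project).
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    '': { name: 'example-app', version: '0.0.0' },
    'node_modules/minimist': { version: '1.2.6' },
    'node_modules/mkdirp/node_modules/minimist': { version: '0.0.8' },
    'node_modules/rc/node_modules/minimist': { version: '1.2.5' },
    'node_modules/minimist-options': { version: '4.1.0' },
  },
};

console.log(findAffectedMinimist(sampleLock));
```

In a real project, pass the parsed contents of `package-lock.json` to `findAffectedMinimist` in place of the sample object.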
