CVE-2021-23413


Denial of Service (DoS)

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.


We have discovered 10,684 live websites that are affected by CVE-2021-23413.

Contact us to get more info



Affected Software

Product  JSZip
Category JavaScript Libraries
Vulnerable Versions
  • from 0 before 3.7
Total Vulnerable Versions31
Vulnerable Domains10,684 live websites (88.04% of JSZip install base)



Details

  • Published - Jul 25, 2021
  • Updated - Jul 25, 2021

Credits

  • Dave Holoway




Countries

United States4,771 websites


France922 websites
GB389 websites
Germany363 websites
Canada320 websites
Japan319 websites
Italy277 websites
Brazil249 websites
Spain228 websites
Netherlands207 websites

TLDs

.com3,803 websites
.org1,707 websites
.net636 websites
.fr480 websites
.it189 websites
.de180 websites
.nl172 websites
.co.uk163 websites
.ca151 websites
.es129 websites

Vulnerable Versions

Vulnerable versions are highlighted in red


References


Websites affected by CVE-2021-23413

Top websites that are affected by CVE-2021-23413. Please click on the "Contact us" link to get more information.
DomainCountryRankContacts
***.gov United States*,***
***.***********.org Canada*,***
***.*********.com United States**,***
****.***.tr Turkey**,***
***.***.org United States**,***
***.com United States**,***
***.**.es Spain**,***
***.*******************.gov United States**,***
***.***.ie Ireland**,***
***.********.org United States**,***
See full domain list