In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution.
Fixed in: RHSA-2023:3645 (openshift-service-mesh container images; Red Hat / RHEL, Rocky)

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
Exploitability
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Impact
Confidentiality: High
Integrity: High
Availability: High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
3.35% probability of exploitation in 30 days
87th percentile
Elevated risk: more likely to be exploited than 87% of all known CVEs.
This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.