CVE & CISA-KEV Catalog

CVE-2021-44906

CRITICAL | EPSS 90th pctl
CVSS v3: 9.8 (NVD)

Description

Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).

How to fix

Remediation Available
node-minimist (Debian)
Fixed in: 1.2.5+~cs5.3.1-2+deb11u1 (CVE-2021-44906)
Fixed in: 1.2.6+~cs5.3.2-1 (CVE-2021-44906)
eap7-hal-console (Red Hat / RHEL)
Fixed in: 0:3.2.17-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-hal-console (Rocky)
Fixed in: 0:3.2.17-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-jackson-annotations (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-annotations (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-core (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-core (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-databind (Red Hat / RHEL)
Fixed in: 0:2.10.4-4.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-databind (Rocky)
Fixed in: 0:2.10.4-4.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-datatype-jdk8 (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-datatype-jdk8 (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-datatype-jsr310 (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-datatype-jsr310 (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-jaxrs-base (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-jaxrs-base (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-jaxrs-json-provider (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-jaxrs-json-provider (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-jaxrs-providers (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-jaxrs-providers (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-module-jaxb-annotations (Rocky)
Fixed in: 0:2.10.4-4.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-module-jaxb-annotations (Red Hat / RHEL)
Fixed in: 0:2.10.4-4.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-modules-base (Red Hat / RHEL)
Fixed in: 0:2.10.4-4.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-modules-base (Rocky)
Fixed in: 0:2.10.4-4.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-modules-java8 (Rocky)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jackson-modules-java8 (Red Hat / RHEL)
Fixed in: 0:2.10.4-2.redhat_00004.1.el7eap (RHSA-2025:1747)
eap7-jettison (Rocky)
Fixed in: 0:1.5.2-2.redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-jettison (Red Hat / RHEL)
Fixed in: 0:1.5.2-2.redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-netty (Rocky)
Fixed in: 0:4.1.63-4.Final_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-netty (Red Hat / RHEL)
Fixed in: 0:4.1.63-4.Final_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-netty-all (Rocky)
Fixed in: 0:4.1.63-4.Final_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-netty-all (Red Hat / RHEL)
Fixed in: 0:4.1.63-4.Final_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-resteasy (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-atom-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-atom-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-cdi (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-cdi (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-client (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-client (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-client-microprofile (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-client-microprofile (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-crypto (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-crypto (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jackson-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jackson-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jackson2-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jackson2-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jaxb-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jaxb-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jaxrs (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jaxrs (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jettison-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jettison-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jose-jwt (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jose-jwt (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jsapi (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-jsapi (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-json-binding-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-json-binding-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-json-p-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-json-p-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-multipart-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-multipart-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-rxjava2 (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-rxjava2 (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-spring (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-spring (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-validator-provider-11 (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-validator-provider-11 (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-yaml-provider (Rocky)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-resteasy-yaml-provider (Red Hat / RHEL)
Fixed in: 0:3.11.6-1.Final_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-snakeyaml (Red Hat / RHEL)
Fixed in: 0:1.33.0-1.SP1_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-snakeyaml (Rocky)
Fixed in: 0:1.33.0-1.SP1_redhat_00001.1.el7eap (RHSA-2025:1747)
eap7-wildfly (Red Hat / RHEL)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly (Rocky)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-java-jdk11 (Rocky)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-java-jdk11 (Red Hat / RHEL)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-java-jdk8 (Rocky)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-java-jdk8 (Red Hat / RHEL)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-javadocs (Red Hat / RHEL)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-javadocs (Rocky)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-modules (Red Hat / RHEL)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)
eap7-wildfly-modules (Rocky)
Fixed in: 0:7.3.12-3.GA_redhat_00002.1.el7eap (RHSA-2025:1747)

Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.

CVSS v3 Vector

Exploitability

Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Impact

Confidentiality: High
Integrity: High
Availability: High

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploit Intelligence

4.58% probability of exploitation in 30 days
90th percentile

High risk: more likely to be exploited than 90% of all known CVEs.

References

Third-Party Advisory: 1
Other references: 1

This product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2024-11-21.