{"id":"CVE-2021-25948","details":"Prototype pollution vulnerability in 'expand-hash' versions 0.1.0 through 1.0.1 allows an attacker to cause a denial of service and may lead to remote code execution.","aliases":["GHSA-x3wr-v4wx-5qpc"],"modified":"2026-04-02T06:47:57.594526Z","published":"2021-06-10T12:15:08.607Z","references":[{"type":"EVIDENCE","url":"https://github.com/doowb/expand-hash/blob/556913f6c2f05848110b5b8261cfc78e5ce3dc77/index.js#L19"},{"type":"EVIDENCE","url":"https://www.whitesourcesoftware.com/vulnerability-database/CVE-2021-25948"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/doowb/expand-hash","events":[{"introduced":"0"},{"last_affected":"556913f6c2f05848110b5b8261cfc78e5ce3dc77"}],"database_specific":{"versions":[{"introduced":"0.1.0"},{"last_affected":"1.0.1"}]}}],"versions":["0.1.1","0.2.1","0.2.2","1.0.0","1.0.1","v0.1.1","v0.2.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-25948.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}