{"id":"CVE-2023-26113","details":"Versions of the package collection.js before 6.8.1 are vulnerable to Prototype Pollution via the extend function in Collection.js/dist/node/iterators/extend.js. \r\r","aliases":["GHSA-47pj-q2vm-46xc"],"modified":"2026-07-08T06:29:07.691122056Z","published":"2023-03-18T05:00:01.243Z","database_specific":{"cna_assigner":"snyk","osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26113.json","cwe_ids":["CWE-1321"]},"references":[{"type":"WEB","url":"https://github.com/kobezzza/Collection/blob/be32c48e68f49d3be48a58e929d1ab8ff1d2d19c/dist/node/iterators/extend.js%23L324"},{"type":"WEB","url":"https://github.com/kobezzza/Collection/releases/tag/v6.8.1"},{"type":"WEB","url":"https://security.snyk.io/vuln/SNYK-JS-COLLECTIONJS-3185148"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/26xxx/CVE-2023-26113.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-26113"},{"type":"REPORT","url":"https://github.com/kobezzza/Collection/issues/27"},{"type":"FIX","url":"https://github.com/kobezzza/Collection/commit/d3d937645f62f37d3115d6aa90bb510fd856e6a2"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/kobezzza/collection","events":[{"introduced":"0"},{"fixed":"c679731b9c228ba23f481836270f2177f07751f9"},{"fixed":"d3d937645f62f37d3115d6aa90bb510fd856e6a2"}],"database_specific":{"cpe":"cpe:2.3:a:collection.js_project:collection.js:*:*:*:*:*:node.js:*:*","extracted_events":[{"introduced":"0"},{"fixed":"6.8.1"}],"source":["CPE_RANGE","REFERENCES"]}}],"versions":["v6.7.10","v6.7.9","v6.7.8","v6.7.7","v6.7.6","v6.7.5","v6.7.4","v6.7.3","v6.7.2","v6.7.1","v6.7.0","v6.6.27","v6.6.26","v6.6.25","v6.6.23","v6.6.22","v6.6.21","v6.6.20","v6.6.19","v6.6.18","v6.6.17","v6.6.16","v6.6.15","v6.6.14","v6.6.13","v6.6.12","v6.6.11","v6.6.10","v6.6.9","v6.6.8","v6.6.7","v6.6.6","v6.6.5","v6.6.4","v6.6.3","v6.6.2","v6.6.1","v6.6.0","v6.5.0","v6.4.0","v6.3.19","v6.3.18","v6.3.17","v6.3.16","v6.3.15","v6.3.14","v6.3.13","v6.3.12","v6.3.11","v6.3.10","v6.3.9","v6.3.8","v6.3.7","v6.3.6","v6.3.5","v6.3.4","v6.3.3","v6.3.2","v6.3.1","v6.3.0","v6.2.2","v6.2.1","v6.2.0","v6.1.7","v6.1.6","v6.1.5","v6.1.4","v6.1.3","v6.1.2","v6.1.1","v6.1.0","v6.0.9","v6.0.8"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26113.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P"}]}