Version 3.2.6
async
Async utilities for node and the browser
Install Instructions
npm install async
Current Version Release Date August 19, 2024
Language JavaScript/TypeScript
Package URL (purl) pkg:npm/async@3.2.6
Find async vulnerabilities in your supply chain.
async Vulnerabilities
Sort by
CVE (Latest)
CVE (Latest)
-
CVE (Latest)
-
CVE (Oldest)
-
CVSS Score (Highest)
-
CVSS Score (Lowest)
CVE  |
CVSS Score |
CWE(s) |
EPSS Score |
EPSS % |
Impacted Versions |
|---|---|---|---|---|---|
| CVE-2021-43138 | High 7.8 | CWE-1321 | 0.00191 | 0.56724 |
|
async Vulnerability Remediation Guidance
| CVE | Description | Full list of Impacted Versions | Fix |
|---|---|---|---|
| CVE-2021-43138 | In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. | 3.2.1, 2.6.3, 3.2.0, 2.3.0, 2.0.1, 2.1.4, 3.0.0, 3.0.1-0 (Show all) | Patch → 3.2.2 |
Instantly see if these async vulnerabilities affect your code.