CVE-2021-23413— Denial of Service (DoS)

CVSS 5.3 · Medium EPSS 1.21% · P79 Updated Feb 24, 2026

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2021-23413

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Denial of Service (DoS)

Source: NVD (National Vulnerability Database)

Vulnerability Description

This affects the package jszip before 3.7.0. Crafting a new zip file with filenames set to Object prototype values (e.g __proto__, toString, etc) results in a returned object with a modified prototype instance.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

jszip 安全漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

jszip是一个用于创建、读取和编辑.zip文件的JavaScript库。 jszip 3.7.0之前版本存在安全漏洞，该漏洞源于当创建一个新的zip文件，文件名设置为对象原型值时，将返回一个带有修改过的原型实例的对象。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
-	jszip	unspecified ~ 3.7.0	-

II. Public POCs for CVE-2021-23413

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2021-23413

请登录查看更多情报信息。

https://github.com/Stuk/jszip/pull/766x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1251499x_refsource_MISC
https://snyk.io/vuln/SNYK-JS-JSZIP-1251497x_refsource_MISC
https://github.com/Stuk/jszip/blob/master/lib/object.js%23L88x_refsource_MISC
https://github.com/Stuk/jszip/commit/22357494f424178cb416cdb7d93b26dd4f824b36x_refsource_MISC
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1251498x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2021-23413

Same Patch Batch · n/a · 2021-07-25 · 33 CVEs total

CVE-2021-37454		NCH Axon PBX 跨站脚本漏洞
CVE-2021-37439		NCH FlexiServer 路径遍历漏洞
CVE-2021-37440		NCH Axon PBX 路径遍历漏洞
CVE-2021-37441		NCH Axon PBX 路径遍历漏洞
CVE-2021-37442		NCH IVM Attendant 路径遍历漏洞
CVE-2021-37443		NCH IVM assistant 路径遍历漏洞
CVE-2021-37444		NCH IVM Attendant 代码问题漏洞
CVE-2021-37445		NCH Quorum 路径遍历漏洞
CVE-2021-37446		NCH Quorum 路径遍历漏洞
CVE-2021-37447		NCH Quorum 路径遍历漏洞
CVE-2021-37448		NCH IVM Attendant 跨站脚本漏洞
CVE-2021-37449		NCH IVM Attendant 跨站脚本漏洞
CVE-2021-37450		NCH IVM Attendant 跨站脚本漏洞
CVE-2021-37451		NCH IVM Attendant 跨站脚本漏洞
CVE-2021-37452		NCH Quorum 访问控制错误漏洞
CVE-2021-37453		NCH Axon PBX 跨站脚本漏洞
CVE-2021-37470		NCH WebDictate 跨站脚本漏洞
CVE-2021-37455		NCH Axon PBX 跨站脚本漏洞
CVE-2021-37456		NCH Axon PBX 跨站脚本漏洞
CVE-2021-37457		NCH Axon PBX 跨站脚本漏洞

Showing top 20 of 33 CVEs. View all on vendor page → →

IV. Related Vulnerabilities

Same vendor: n/a

V. Comments for CVE-2021-23413

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2021-23413— Denial of Service (DoS)

I. Basic Information for CVE-2021-23413

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2021-23413

III. Intelligence Information for CVE-2021-23413

Same Patch Batch · n/a · 2021-07-25 · 33 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2021-23413

Leave a comment