Описание
Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects.
Recommendation
Update to version 4.0.0 or later.
Пакеты
Наименование
just-extend
npm
Затронутые версииВерсия исправления
< 4.0.0
4.0.0
Связанные уязвимости
CVSS3: 9.8
nvd
около 7 лет назад
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.