Описание
Prototype Pollution in mixme
Impact
When copying properties from a source object to a target object, the target object can gain access to certain properties of the source object and modify their content.
Patches
The problem was patch with a more agressive discovery of secured properties to filter out.
Ссылки
- https://github.com/adaltas/node-mixme/security/advisories/GHSA-84p7-fh9c-6g8h
- https://github.com/adaltas/node-mixme/issues/1
- https://github.com/adaltas/node-mixme/issues/2
- https://github.com/adaltas/node-mixme/commit/db70fe9bcbba451e9f8bd794a9fa7cdfa00125ad
- https://github.com/advisories/GHSA-79jw-6wg7-r9g4
Пакеты
Наименование
mixme
npm
Затронутые версииВерсия исправления
< 0.5.2
0.5.2
Дефекты
CWE-1321
Дефекты
CWE-1321