Description
Prototype Pollution in deeply
Versions of deeply prior to 1.0.1 are vulnerable to Prototype Pollution. The package fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.
Recommendation
Upgrade to version 3.1.0 or later.
Packages
Name: deeply (npm)
Affected versions: < 3.1.0
Fixed version: 3.1.0
Related vulnerabilities
CVSS3: 9.8
nvd
more than 6 years ago
deeply is vulnerable to Prototype Pollution in versions before 3.1.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.