Описание
Prototype Pollution in defaults-deep
Versions of default-deep before 0.2.4 are vulnerable to prototype pollution
Recommendation
Update to version 0.2.4 or later.
Пакеты
Наименование
defaults-deep
npm
Затронутые версииВерсия исправления
< 0.2.4
0.2.4
Связанные уязвимости
CVSS3: 8.8
nvd
больше 7 лет назад
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.