Описание
Prototype Pollution in defaults-deep
All versions of defaults-deep are vulnerable to prototype pollution. Provided certain input defaults-deep can add or modify properties of the Object prototype. These properties will be present on all objects.
Recommendation
As no patch is currently available for this vulnerability it is our recommendation to select another module that can provide this functionality.
Пакеты
Наименование
defaults-deep
npm
Затронутые версииВерсия исправления
<= 0.2.4
Отсутствует
Связанные уязвимости
CVSS3: 9.8
nvd
около 7 лет назад
A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.