Описание
Prototype Pollution in assign-deep
Versions of assign-deep before 0.4.7 are vulnerable to prototype pollution via merging functions.
Recommendation
Update to version 0.4.7 or later.
Пакеты
Наименование
assign-deep
npm
Затронутые версииВерсия исправления
< 0.4.7
0.4.7
Связанные уязвимости
CVSS3: 8.8
nvd
больше 7 лет назад
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.