Количество 3
Количество 3
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
GHSA-r6rj-9ch6-g264
Prototype pollution in Merge-deep
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2021-26707 The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library. | CVSS3: 9.8 | 1% Низкий | около 5 лет назад |
 | CVE-2021-26707 The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library. | CVSS3: 9.8 | 1% Низкий | больше 4 лет назад |
| GHSA-r6rj-9ch6-g264 Prototype pollution in Merge-deep | CVSS3: 9.8 | 1% Низкий | больше 4 лет назад |
Уязвимостей на страницу