High severity vulnerability that affects mixin-deep

2018-07-26T15:10:54
ID GHSA-3MPR-HQ3P-49H9
Type github
Reporter GitHub Advisory Database
Modified 2019-07-03T21:02:02

Description

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects.