TODO

2019-08-27T17:42:33
ID GHSA-FHJF-83WG-R2J9
Type github
Reporter GitHub Advisory Database
Modified 2020-02-28T22:04:43

Description

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.