Prototype Pollution in mout

🗓️ 09 Feb 2022 22:10:49Reported by GitHub Advisory DatabaseType

Prototype Pollution in mout affects all versions of package mout. deepFillIn function and deepMixIn function are vulnerable to this attack as they do not check the key used to access the target object recursively.

Reporter	Title	Published	Views	Family All 13
OSV	Prototype Pollution in mout	9 Feb 202222:49	–	osv
OSV	Prototype Pollution in mout	18 Jun 202200:00	–	osv
Veracode	Prototype Pollution	14 Dec 202006:08	–	veracode
Cvelist	CVE-2020-7792 Prototype Pollution	11 Dec 202011:05	–	cvelist
Cvelist	CVE-2022-21213 Prototype Pollution	17 Jun 202220:05	–	cvelist
CVE	CVE-2020-7792	11 Dec 202011:15	–	cve
CVE	CVE-2022-21213	17 Jun 202220:15	–	cve
Huntr	Prototype Pollution in mout/mout	14 Dec 202000:00	–	huntr
NVD	CVE-2020-7792	11 Dec 202011:15	–	nvd
NVD	CVE-2022-21213	17 Jun 202220:15	–	nvd

Vulners

Node

moutjs moutRange<1.2.3

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-7792
snyk	www.snyk.io/vuln/SNYK-JS-MOUT-1014544
github	www.github.com/mout/mout/commit/3fecf1333e6d71ae72edf48c71dc665e40df7605
github	www.github.com/mout/mout/blob/master/src/object/deepFillIn.js
github	www.github.com/mout/mout/blob/master/src/object/deepMixIn.js
snyk	www.snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374
snyk	www.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373
github	www.github.com/advisories/GHSA-pc58-wgmc-hfjr

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

09 Feb 2022 22:49Current

7.2High risk

Vulners AI Score7.2

CVSS27.5

CVSS37.5

EPSS0.0022

CWE-1321