Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates, allowing attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects
Reporter | Title | Published | Views | Family All 42 |
---|---|---|---|---|
GithubExploit | Exploit for Argument Injection in Mixin-Deep Project Mixin-Deep | 1 Dec 202009:18 | – | githubexploit |
OpenVAS | Fedora: Security Advisory for nodejs-mixin-deep (FEDORA-2020-4a8f110332) | 8 Feb 202000:00 | – | openvas |
OpenVAS | Fedora: Security Advisory for nodejs-mixin-deep (FEDORA-2020-f80e5c0d65) | 8 Feb 202000:00 | – | openvas |
RedhatCVE | CVE-2019-10746 | 30 Mar 202008:17 | – | redhatcve |
Fedora | [SECURITY] Fedora 31 Update: nodejs-mixin-deep-1.3.2-1.fc31 | 8 Feb 202002:05 | – | fedora |
Fedora | [SECURITY] Fedora 30 Update: nodejs-mixin-deep-1.3.2-1.fc30 | 8 Feb 202001:39 | – | fedora |
OSV | CVE-2019-10746 | 23 Aug 201917:15 | – | osv |
OSV | Prototype Pollution in mixin-deep | 27 Aug 201917:42 | – | osv |
OSV | Moderate: nodejs:12 security update | 16 Feb 202107:34 | – | osv |
OSV | Moderate: nodejs:12 security update | 16 Feb 202107:34 | – | osv |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo