Lucene search
GoogleOSV:GHSA-R5CQ-9537-9RPFHistoryFeb 10, 2022 - 11:52 p.m.
Prototype Pollution in mixme
2022-02-1023:52:01
Google
osv.dev
16
prototype pollution denial of service node.js mixme
EPSS
0.01
Percentile
83.6%
Node.js mixme 0.5.0, an attacker can add or alter properties of an object via ‘proto’ through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
References
nodejs.com
github.com/adaltas/node-mixme
github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028
github.com/adaltas/node-mixme/issues/1
github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4
nvd.nist.gov/vuln/detail/CVE-2021-28860
security.netapp.com/advisory/ntap-20210618-0005
www.npmjs.com/~david
Related
cve
cve
CVE-2021-29491
2021-05-06 13:15:12
CVE-2021-28860
2021-05-03 12:15:07
osv
osv
CVE-2021-28860
2021-05-03 12:15:07
Use of Potentially Dangerous Function in mixme
2021-05-06 15:45:39
nvd
nvd
CVE-2021-29491
2021-05-06 13:15:12
CVE-2021-28860
2021-05-03 12:15:07
github
github
Prototype Pollution in mixme
2022-02-10 23:52:01
Use of Potentially Dangerous Function in mixme
2021-05-06 15:45:39
veracode
veracode
Prototype Pollution
2022-02-11 09:22:03
prion
prion
Design/Logic Flaw
2021-05-03 12:15:00
cvelist
cvelist
CVE-2021-28860
2021-05-03 11:48:33
CVE-2021-29491
2021-05-06 12:51:37
nodejs
nodejs
Prototype Pollution
2021-05-06 15:47:15