4 matches found
CVE-2019-10745
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
CVE-2019-10745
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a proto payload...
CVE-2019-10745
The CVE-2019-10745 entry concerns the assign-deep module, which is vulnerable to Prototype Pollution. Affected versions are before 0.4.8 and version 1.0.0, where the assign-deep function could be tricked into adding or modifying properties of Object.prototype via a constructor or proto payload. T...
@careteam/mfe-init (=0.0.8), @topfeed/topfeed (>=0.0.30 <=0.0.44) +69 more potentially affected by CVE-2019-10745 via assign-deep (>=0.1.2 <=0.4.7)
assign-deep NPM version =0.1.2, =0.0.30, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.2.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =2.3.0 and more Source cves: CVE-2019-10745 Source advisory: SNYK:JS-ASSIGNDEEP-450211...