15 matches found
Linux Distros Unpatched Vulnerability : CVE-2019-10746
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying...
RHEL 8 : nodejs-mixin-deep (Unpatched Vulnerability)
The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - nodejs-mixin-deep: prototype pollution in function mixin-deep CVE-2019-10746 Note that Nessus has not tested for th...
Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory. - The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker...
RHEL 7 : rh-nodejs12-nodejs (RHSA-2021:0485)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0485 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
RLSA-2021:0549 Moderate: nodejs:12 security update
Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The following packages have been upgraded to a later upstream version: nodejs 12.20.1, nodejs-nodemon 2.0.3. Security Fixes: nodejs-mixin-deep: prototype pollutio...
RHEL 8 : nodejs:12 (RHSA-2021:0549)
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0549 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Moderate: Red Hat Security Advisory: rh-nodejs12-nodejs security update
An update for rh-nodejs12-nodejs is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...
Fedora 30 : nodejs-mixin-deep (2020-4a8f110332)
Update to upstream 1.3.2 release for CVE-2019-10746 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora 31 : nodejs-mixin-deep (2020-f80e5c0d65)
Update to upstream 1.3.2 release for CVE-2019-10746 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Fedora: Security Advisory for nodejs-mixin-deep (FEDORA-2020-f80e5c0d65)
The remote host is missing an update for the Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
ts-node-server (>=1.1.0 <=2.0.0) potentially affected by CVE-2019-10746 via mixin-deep (=2.0.0)
mixin-deep NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on mixin-deep and may be impacted: - ts-node-server =1.1.0, =2.0.0 Source cves: CVE-2019-10746 Source advisory: OSV:GHSA-FHJF-83WG-R2J9...
CVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
CVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
CVE-2019-10746
CVE-2019-10746 affects the nodejs mixin-deep module (versions before 1.3.2 and 2.0.0) and is due to prototype pollution: an attacker can use a constructor payload to add or modify properties on Object.prototype. Inffected ecosystems include applications reporting this vulnerability via Nessus/Mir...
clam-util (>=0.0.5 <=0.1.20), generator-clam (>=0.1.68 <=0.1.86) +2 more potentially affected by CVE-2019-10746 via mixin-deep (=1.0.1)
mixin-deep NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on mixin-deep and may be impacted: - clam-util =0.0.5, =0.1.68, =0.3.0, =0.4.12 - grunt-formatdata =0.1.1 Source cves: CVE-2019-10746 Source advisory: SNYK:JS-MIXINDEEP-450212...