4 matches found
@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)
deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: OSV:GHSA-RGFV-V3JH-7FFP...
CVE-2020-7716 Prototype Pollution
All versions of package deeps are vulnerable to Prototype Pollution via the set function...
CVE-2020-7716
CVE-2020-7716 affects the npm package deeps and is a prototype pollution vulnerability via the set function. Public sources describe affected versions as older than 1.4.6 (GHSA: all versions up to 1.4.5; PT-2020-19738 states prior to 1.4.6). Root cause: unsafe handling in object merging/set that ...
@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)
deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: SNYK:JS-DEEPS-598667...