2 matches found
CVE-2021-25944
CVE-2021-25944 relates to a prototype pollution flaw in the npm module deep-defaults affecting versions 1.0.0–1.0.5. The root cause is that the internal function _deepDefaults() assigns properties without validating the input type, enabling an attacker to pollute Object.prototype (e.g., via malic...
CVE-2021-25944
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...