4 matches found
CVE-2022-31106
Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of underscore.deep prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to deepFromFlat, which would pollute any future...
Code injection
Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of underscore.deep prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to deepFromFlat, which would pollute any future...
CVE-2022-31106
Underscore.deep (a set of Underscore mixins) before version 0.5.3 is vulnerable to prototype pollution via the deepFromFlat function. A crafted payload can pollute future Object constructions, potentially affecting code paths relying on deepPick/deepFromFlat. The validity of the vulnerability is ...
CVE-2022-31106 Prototype Pollution in underscore.deep
Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of underscore.deep prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to deepFromFlat, which would pollute any future...