3 matches found
ROOT-APP-NPM-CVE-2026-35209 CVE-2026-35209 in @rootio/defu - Patched by Root
Root has patched CVE-2026-35209 in the @rootio/defu package for Root:npm. Multiple fixed versions available...
Prototype Pollution
Overview org.webjars.npm:defu is a Recursively assign default properties. Lightweight and Fast! Affected versions of this package are vulnerable to Prototype Pollution via the defu function. An attacker can override default configuration values by supplying crafted input containing a proto key,...
Prototype Pollution
Overview defu is a Recursively assign default properties. Lightweight and Fast! Affected versions of this package are vulnerable to Prototype Pollution via the defu function. An attacker can override default configuration values by supplying crafted input containing a proto key, which results in...