Prototype pollution in nested-object-assign

The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...

GHSA-C497-V8PV-CH6X Prototype pollution in nested-object-assign

The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function...

Prototype Pollution

nested-object-assign is vulnerable to prototype pollution. An attacker is able to inject properties into existing construct prototypes and modify attributes such as proto, constructor and prototype...

CVE-2021-23329

CVE-2021-23329 affects the npm package nested-object-assign, specifically versions prior to 1.0.4. The vulnerability is Prototype Pollution via the default function, allowing an attacker to inject properties into Object.prototype. Exploitation details are not provided in the provided documents, b...

PT-2021-15438 · Unknown · Nested-Object-Assign

Name of the Vulnerable Software and Affected Versions: nested-object-assign versions prior to 1.0.4 Description: The issue concerns Prototype Pollution via the default function. Recommendations: For versions prior to 1.0.4, update to version 1.0.4 or later to resolve the issue...

Prototype Pollution in geta/nestedobjectassign

Description nested-object-assign is vulnerable to Prototype Pollution. Proof of Concept 1. Create the following PoC file: javascript // poc.js const assign = require'nested-object-assign' console.log'Before: ' + .polluted assign, JSON.parse'"proto": "polluted": true' console.log'After: ' +...