Prototype Pollution in smart-extend

All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...

GHSA-F8H3-RQRM-47V9 Prototype Pollution in smart-extend

All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider using an...

@planningcenter/icons (>=3.0.0-7 <=3.0.0-15), feathers-commands (>=0.0.1 <=0.1.4) +11 more potentially affected by unknown CVE via smart-extend (=1.7.4)

smart-extend NPM version =1.7.4 is affected by a known vulnerability. The following packages have a transitive dependency on smart-extend and may be impacted: - @planningcenter/icons =3.0.0-7, =0.0.1, =1.0.4, =1.0.2, =0.0.1, =1.0.0, =1.0.0, =1.0.2, =1.0.0, =0.1.0, =1.0.1, =2.0.0, =3.0.5 Source...

Prototype Pollution

smart-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties on Prototype objects to execute arbitrary code or cause a denial of service...

Prototype Pollution

Overview All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation No fix is currently available. Consider usi...

Node.js third-party modules: Prototype pollution attack (smart-extend)

Hi team, I would like to report a prototype pollution vulnerability in smart-extend that allows an attacker to inject properties on Object.prototype. Module module name: smart-extend version: 1.7.3 npm page: https://www.npmjs.com/package/smart-extend Module Description smart-extend is an extensio...