0.006 Low
EPSS
Percentile
78.2%
extend2 is vulnerable to prototype pollution. The vulnerability exists in extend function of index.js as it allows an attacker to pass the value __proto__ through the name variable.
extend
index.js
__proto__
name
gGHSAithub.com/advisories/-gjm5-83cw-p3p2
github.com/eggjs/extend2/blob/master/index.js#L50-L60
github.com/eggjs/extend2/blob/master/index.js%23L50-L60
github.com/eggjs/extend2/commit/aa332a59116c8398976434b57ea477c6823054f8
github.com/eggjs/extend2/pull/2