deep.assign is vulnerable to prototype pollution. The vulnerability exists in deepAssign
function due to improper parameters validation which allows an attacker to inject malicious property resulting in prototype pollution.
CPE | Name | Operator | Version |
---|---|---|---|
deep.assign | eq | 0.0.0-alpha.0 | |
deep.assign | eq | 0.0.0-alpha.0 |