@alexbinary/object-deep-assign is vulnerable to Prototype Pollution. The vulnerability is due to the lack of prototype checks in the extend
function within index.js
. Attackers can exploit this method to copy malicious properties to the built-in Object.prototype
through special properties like __proto__
or constructor.prototype
.
CPE | Name | Operator | Version |
---|---|---|---|
@alexbinary/object-deep-assign | le | 1.0.11 | |
@alexbinary/object-deep-assign | le | 1.0.11 |