You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Prototype Pollution in mixin-deep
Critical severity
GitHub Reviewed
Published
Aug 27, 2019
to the GitHub Advisory Database
•
Updated Nov 29, 2023
Versions of mixin-deep prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The mixinDeep function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.
Recommendation
If you are using mixin-deep 2.x, upgrade to version 2.0.1 or later.
If you are using mixin-deep 1.x, upgrade to version 1.3.2 or later.
Versions of
mixin-deep
prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. ThemixinDeep
function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.Recommendation
If you are using
mixin-deep
2.x, upgrade to version 2.0.1 or later.If you are using
mixin-deep
1.x, upgrade to version 1.3.2 or later.References