VulnerableCode Package Details - pkg:deb/debian/node-mixin-deep@1.1.3-1%2Bdeb9u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-75cr-t5b7-67d8 Aliases: CVE-2019-10746 GHSA-fhjf-83wg-r2j9	Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later.	2.0.1-2 Affected by 0 other vulnerabilities.
VCID-f918-yz1e-q7h2 Aliases: CVE-2018-3719 GHSA-3mpr-hq3p-49h9	Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.	1.1.3-3+deb10u1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-75cr-t5b7-67d8
Aliases:
CVE-2019-10746
GHSA-fhjf-83wg-r2j9

Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later.

2.0.1-2
Affected by 0 other vulnerabilities.

VCID-f918-yz1e-q7h2
Aliases:
CVE-2018-3719
GHSA-3mpr-hq3p-49h9

Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.

1.1.3-3+deb10u1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-15T17:19:15.221034+00:00	Debian Oval Importer	Affected by	VCID-f918-yz1e-q7h2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-15T15:49:39.995611+00:00	Debian Oval Importer	Affected by	VCID-75cr-t5b7-67d8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.4.0
2026-04-11T17:05:43.997238+00:00	Debian Oval Importer	Affected by	VCID-f918-yz1e-q7h2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-11T15:37:20.017491+00:00	Debian Oval Importer	Affected by	VCID-75cr-t5b7-67d8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.3.0
2026-04-08T16:54:59.218903+00:00	Debian Oval Importer	Affected by	VCID-f918-yz1e-q7h2	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0
2026-04-08T15:31:19.205535+00:00	Debian Oval Importer	Affected by	VCID-75cr-t5b7-67d8	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	38.1.0