Search for packages
| purl | pkg:npm/mixin-deep@1.1.2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-3ypb-mgu7-s7c4
Aliases: GMS-2018-14 |
Denial of Service and remote code execution. Utilities function in mixin-deep can be tricked into modify the prototype of "Object" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object, leading to denial of service or remote code execution. |
Affected by 1 other vulnerability. |
|
VCID-75cr-t5b7-67d8
Aliases: CVE-2019-10746 GHSA-fhjf-83wg-r2j9 |
Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later. |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
|
VCID-f918-yz1e-q7h2
Aliases: CVE-2018-3719 GHSA-3mpr-hq3p-49h9 |
Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects. |
Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||