VulnerableCode Package Details - pkg:npm/mixin-deep@1.3.1

Search for packages

Vulnerability	Summary	Fixed by
VCID-75cr-t5b7-67d8 Aliases: CVE-2019-10746 GHSA-fhjf-83wg-r2j9	Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later.	1.3.2 Affected by 0 other vulnerabilities. 2.0.1 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-75cr-t5b7-67d8
Aliases:
CVE-2019-10746
GHSA-fhjf-83wg-r2j9

Prototype Pollution in mixin-deep Versions of `mixin-deep` prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The `mixinDeep` function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects. ## Recommendation If you are using `mixin-deep` 2.x, upgrade to version 2.0.1 or later. If you are using `mixin-deep` 1.x, upgrade to version 1.3.2 or later.

1.3.2
Affected by 0 other vulnerabilities.

2.0.1
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3ypb-mgu7-s7c4	Denial of Service and remote code execution. Utilities function in mixin-deep can be tricked into modify the prototype of "Object" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object, leading to denial of service or remote code execution.	GMS-2018-14
VCID-f918-yz1e-q7h2	Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.	CVE-2018-3719 GHSA-3mpr-hq3p-49h9

Vulnerability

Summary

Aliases

VCID-3ypb-mgu7-s7c4

Denial of Service and remote code execution. Utilities function in mixin-deep can be tricked into modify the prototype of "Object" when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object, leading to denial of service or remote code execution.

GMS-2018-14

VCID-f918-yz1e-q7h2

Improper Input Validation mixin-deep node suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of `Object` via `__proto__`, causing the addition or modification of an existing property that will exist on all objects.

CVE-2018-3719
GHSA-3mpr-hq3p-49h9

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T20:56:55.294302+00:00	GitLab Importer	Affected by	VCID-75cr-t5b7-67d8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2019-10746.yml	38.4.0
2026-04-16T20:44:23.836021+00:00	GitLab Importer	Fixing	VCID-f918-yz1e-q7h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2018-3719.yml	38.4.0
2026-04-16T20:41:37.691622+00:00	GitLab Importer	Fixing	VCID-3ypb-mgu7-s7c4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/GMS-2018-14.yml	38.4.0
2026-04-16T01:21:52.493398+00:00	GHSA Importer	Fixing	VCID-f918-yz1e-q7h2	https://github.com/advisories/GHSA-3mpr-hq3p-49h9	38.4.0
2026-04-11T22:07:56.745527+00:00	GitLab Importer	Affected by	VCID-75cr-t5b7-67d8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2019-10746.yml	38.3.0
2026-04-11T21:55:10.722685+00:00	GitLab Importer	Fixing	VCID-f918-yz1e-q7h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2018-3719.yml	38.3.0
2026-04-11T21:52:14.151904+00:00	GitLab Importer	Fixing	VCID-3ypb-mgu7-s7c4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/GMS-2018-14.yml	38.3.0
2026-04-11T12:50:54.888711+00:00	GHSA Importer	Fixing	VCID-f918-yz1e-q7h2	https://github.com/advisories/GHSA-3mpr-hq3p-49h9	38.3.0
2026-04-02T22:20:41.591592+00:00	GitLab Importer	Affected by	VCID-75cr-t5b7-67d8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2019-10746.yml	38.1.0
2026-04-02T22:08:40.523217+00:00	GitLab Importer	Fixing	VCID-f918-yz1e-q7h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2018-3719.yml	38.1.0
2026-04-02T22:06:00.997350+00:00	GitLab Importer	Fixing	VCID-3ypb-mgu7-s7c4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/GMS-2018-14.yml	38.1.0
2026-04-02T13:44:23.068043+00:00	GHSA Importer	Fixing	VCID-f918-yz1e-q7h2	https://github.com/advisories/GHSA-3mpr-hq3p-49h9	38.1.0
2026-04-01T16:54:47.392606+00:00	Npm Importer	Fixing	VCID-f918-yz1e-q7h2	https://github.com/nodejs/security-wg/blob/main/vuln/npm/369.json	38.0.0
2026-04-01T16:38:27.756819+00:00	GitLab Importer	Affected by	VCID-75cr-t5b7-67d8	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2019-10746.yml	38.0.0
2026-04-01T15:56:34.506288+00:00	GHSA Importer	Fixing	VCID-f918-yz1e-q7h2	https://github.com/advisories/GHSA-3mpr-hq3p-49h9	38.0.0
2026-04-01T13:04:00.381748+00:00	GithubOSV Importer	Fixing	VCID-f918-yz1e-q7h2	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2018/07/GHSA-3mpr-hq3p-49h9/GHSA-3mpr-hq3p-49h9.json	38.0.0
2026-04-01T12:47:45.193241+00:00	GitLab Importer	Fixing	VCID-f918-yz1e-q7h2	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/CVE-2018-3719.yml	38.0.0
2026-04-01T12:47:35.024429+00:00	GitLab Importer	Fixing	VCID-3ypb-mgu7-s7c4	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/npm/mixin-deep/GMS-2018-14.yml	38.0.0