Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-rrx6-dr9n-d3cr

Summary

Prototype Pollution in getsetdeep
All versions of `getsetdeep` are vulnerable to prototype pollution. The `setDeep()` function does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects. 

No fix is currently available. Consider using an alternative package until a fix is made available.

Aliases

alias	GHSA-8j49-49jq-vwcq

alias	GMS-2020-273

Fixed_packages

Affected_packages

url pkg:npm/getsetdeep@0.0.0

purl pkg:npm/getsetdeep@0.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@0.0.0

url pkg:npm/getsetdeep@2.0.0

purl pkg:npm/getsetdeep@2.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@2.0.0

url pkg:npm/getsetdeep@2.1.0

purl pkg:npm/getsetdeep@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@2.1.0

url pkg:npm/getsetdeep@3.0.0

purl pkg:npm/getsetdeep@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.0.0

url pkg:npm/getsetdeep@3.1.0

purl pkg:npm/getsetdeep@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.1.0

url pkg:npm/getsetdeep@3.2.0-next.1573610869.45439ac111ad6971d702f22530258c20ef509216

purl pkg:npm/getsetdeep@3.2.0-next.1573610869.45439ac111ad6971d702f22530258c20ef509216

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.2.0-next.1573610869.45439ac111ad6971d702f22530258c20ef509216

url pkg:npm/getsetdeep@3.2.0-next.1573687530.b46c5ba4eefd0756c6589badf681369f74db0e21

purl pkg:npm/getsetdeep@3.2.0-next.1573687530.b46c5ba4eefd0756c6589badf681369f74db0e21

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.2.0-next.1573687530.b46c5ba4eefd0756c6589badf681369f74db0e21

url pkg:npm/getsetdeep@3.2.0-next.1573739143.86daf3605958ff3b50f3ce7658d52f7186f6d97d

purl pkg:npm/getsetdeep@3.2.0-next.1573739143.86daf3605958ff3b50f3ce7658d52f7186f6d97d

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.2.0-next.1573739143.86daf3605958ff3b50f3ce7658d52f7186f6d97d

url pkg:npm/getsetdeep@3.2.0

purl pkg:npm/getsetdeep@3.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.2.0

url pkg:npm/getsetdeep@3.3.0-next.1574051324.db8d4573c96195db03a46275dc893679c4b5375e

purl pkg:npm/getsetdeep@3.3.0-next.1574051324.db8d4573c96195db03a46275dc893679c4b5375e

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.3.0-next.1574051324.db8d4573c96195db03a46275dc893679c4b5375e

url pkg:npm/getsetdeep@3.3.0-next.1574650550.552efa10749615ac128715b9f149d9f4d4efc8f1

purl pkg:npm/getsetdeep@3.3.0-next.1574650550.552efa10749615ac128715b9f149d9f4d4efc8f1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.3.0-next.1574650550.552efa10749615ac128715b9f149d9f4d4efc8f1

url pkg:npm/getsetdeep@3.3.0-next.1574658406.8386684d3007d0385dc38d1992bf4068cfe64eb0

purl pkg:npm/getsetdeep@3.3.0-next.1574658406.8386684d3007d0385dc38d1992bf4068cfe64eb0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.3.0-next.1574658406.8386684d3007d0385dc38d1992bf4068cfe64eb0

url pkg:npm/getsetdeep@3.3.0

purl pkg:npm/getsetdeep@3.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.3.0

url pkg:npm/getsetdeep@3.4.0-next.1575149098.ccce6358cd4dab945424c3b0bec293cc4613b917

purl pkg:npm/getsetdeep@3.4.0-next.1575149098.ccce6358cd4dab945424c3b0bec293cc4613b917

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.4.0-next.1575149098.ccce6358cd4dab945424c3b0bec293cc4613b917

url pkg:npm/getsetdeep@3.4.0

purl pkg:npm/getsetdeep@3.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.4.0

url pkg:npm/getsetdeep@3.5.0-next.1575176034.e0480089976bc92e70f8d5cb7c6c7155de85c829

purl pkg:npm/getsetdeep@3.5.0-next.1575176034.e0480089976bc92e70f8d5cb7c6c7155de85c829

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.5.0-next.1575176034.e0480089976bc92e70f8d5cb7c6c7155de85c829

url pkg:npm/getsetdeep@3.5.0

purl pkg:npm/getsetdeep@3.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.5.0

url pkg:npm/getsetdeep@3.6.0-next.1575882740.68eb5a738e880e7fd2f19f6c3257349e06ad9ba1

purl pkg:npm/getsetdeep@3.6.0-next.1575882740.68eb5a738e880e7fd2f19f6c3257349e06ad9ba1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.6.0-next.1575882740.68eb5a738e880e7fd2f19f6c3257349e06ad9ba1

url pkg:npm/getsetdeep@3.6.0

purl pkg:npm/getsetdeep@3.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.6.0

url pkg:npm/getsetdeep@3.7.0-next.1576641801.7067daca54232c7786f96a68cb2a578de64e8ddd

purl pkg:npm/getsetdeep@3.7.0-next.1576641801.7067daca54232c7786f96a68cb2a578de64e8ddd

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.7.0-next.1576641801.7067daca54232c7786f96a68cb2a578de64e8ddd

url pkg:npm/getsetdeep@3.7.0

purl pkg:npm/getsetdeep@3.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@3.7.0

url pkg:npm/getsetdeep@4.0.0-next.1588742289.1622909b878cc800f70b0ef74acaddc40b2fea3a

purl pkg:npm/getsetdeep@4.0.0-next.1588742289.1622909b878cc800f70b0ef74acaddc40b2fea3a

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.0.0-next.1588742289.1622909b878cc800f70b0ef74acaddc40b2fea3a

url pkg:npm/getsetdeep@4.0.0

purl pkg:npm/getsetdeep@4.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.0.0

url pkg:npm/getsetdeep@4.1.0-next.1589990534.63e16f8d64d5fb030aa9d4417f933d13060c1663

purl pkg:npm/getsetdeep@4.1.0-next.1589990534.63e16f8d64d5fb030aa9d4417f933d13060c1663

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.1.0-next.1589990534.63e16f8d64d5fb030aa9d4417f933d13060c1663

url pkg:npm/getsetdeep@4.1.0

purl pkg:npm/getsetdeep@4.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.1.0

url pkg:npm/getsetdeep@4.2.0-next.1590038987.a0d2dcf4db6b8fcb0a9bc938e0f4e612dc25f495

purl pkg:npm/getsetdeep@4.2.0-next.1590038987.a0d2dcf4db6b8fcb0a9bc938e0f4e612dc25f495

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.2.0-next.1590038987.a0d2dcf4db6b8fcb0a9bc938e0f4e612dc25f495

url pkg:npm/getsetdeep@4.2.0

purl pkg:npm/getsetdeep@4.2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.2.0

url pkg:npm/getsetdeep@4.3.0-next.1590075564.8bcbbe78ea07d98942d80c7837d76a2ec891cf2c

purl pkg:npm/getsetdeep@4.3.0-next.1590075564.8bcbbe78ea07d98942d80c7837d76a2ec891cf2c

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.3.0-next.1590075564.8bcbbe78ea07d98942d80c7837d76a2ec891cf2c

url pkg:npm/getsetdeep@4.3.0

purl pkg:npm/getsetdeep@4.3.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.3.0

url pkg:npm/getsetdeep@4.4.0-next.1591779284.03c1f388ce8c9de428d07c39301f4a2fa758159d

purl pkg:npm/getsetdeep@4.4.0-next.1591779284.03c1f388ce8c9de428d07c39301f4a2fa758159d

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.4.0-next.1591779284.03c1f388ce8c9de428d07c39301f4a2fa758159d

url pkg:npm/getsetdeep@4.4.0

purl pkg:npm/getsetdeep@4.4.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.4.0

url pkg:npm/getsetdeep@4.5.0-next.1591796420.5cc979fe1db33c56266dd39419b852ff70e6627b

purl pkg:npm/getsetdeep@4.5.0-next.1591796420.5cc979fe1db33c56266dd39419b852ff70e6627b

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.5.0-next.1591796420.5cc979fe1db33c56266dd39419b852ff70e6627b

url pkg:npm/getsetdeep@4.5.0

purl pkg:npm/getsetdeep@4.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.5.0

url pkg:npm/getsetdeep@4.6.0-next.1592614127.ff32970229ce02303659ef4dc91da1fa34df3165

purl pkg:npm/getsetdeep@4.6.0-next.1592614127.ff32970229ce02303659ef4dc91da1fa34df3165

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.6.0-next.1592614127.ff32970229ce02303659ef4dc91da1fa34df3165

url pkg:npm/getsetdeep@4.6.0

purl pkg:npm/getsetdeep@4.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.6.0

url pkg:npm/getsetdeep@4.7.0-next.1592694594.bd2591ad7917f4db557b30e318a8fc68e4a2c7a3

purl pkg:npm/getsetdeep@4.7.0-next.1592694594.bd2591ad7917f4db557b30e318a8fc68e4a2c7a3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.7.0-next.1592694594.bd2591ad7917f4db557b30e318a8fc68e4a2c7a3

url pkg:npm/getsetdeep@4.7.0

purl pkg:npm/getsetdeep@4.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.7.0

url pkg:npm/getsetdeep@4.8.0-next.1592741406.a93d206306bc2ce32aca6d5b260bcc2846c92a26

purl pkg:npm/getsetdeep@4.8.0-next.1592741406.a93d206306bc2ce32aca6d5b260bcc2846c92a26

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.8.0-next.1592741406.a93d206306bc2ce32aca6d5b260bcc2846c92a26

url pkg:npm/getsetdeep@4.8.0

purl pkg:npm/getsetdeep@4.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.8.0

url pkg:npm/getsetdeep@4.9.0-next.1593055243.6a2a8a9dcd4ad3fe88c1e5a658a35b3ddc3d37c3

purl pkg:npm/getsetdeep@4.9.0-next.1593055243.6a2a8a9dcd4ad3fe88c1e5a658a35b3ddc3d37c3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.9.0-next.1593055243.6a2a8a9dcd4ad3fe88c1e5a658a35b3ddc3d37c3

url pkg:npm/getsetdeep@4.9.0

purl pkg:npm/getsetdeep@4.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.9.0

url pkg:npm/getsetdeep@4.10.0-next.1595346425.e73200684df6a6f53aae3ddb67c4ac58527b65a1

purl pkg:npm/getsetdeep@4.10.0-next.1595346425.e73200684df6a6f53aae3ddb67c4ac58527b65a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.10.0-next.1595346425.e73200684df6a6f53aae3ddb67c4ac58527b65a1

url pkg:npm/getsetdeep@4.10.0

purl pkg:npm/getsetdeep@4.10.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.10.0

url pkg:npm/getsetdeep@4.11.0-next.1595354998.68eac2afcb96c13e1b536e8893bc4d659c4b9de6

purl pkg:npm/getsetdeep@4.11.0-next.1595354998.68eac2afcb96c13e1b536e8893bc4d659c4b9de6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.11.0-next.1595354998.68eac2afcb96c13e1b536e8893bc4d659c4b9de6

url pkg:npm/getsetdeep@4.11.0

purl pkg:npm/getsetdeep@4.11.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.11.0

url pkg:npm/getsetdeep@4.12.0

purl pkg:npm/getsetdeep@4.12.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.12.0

url pkg:npm/getsetdeep@4.13.0-next.1597696212.73b203b58c241663d31ea82d8d46ebe84d91c376

purl pkg:npm/getsetdeep@4.13.0-next.1597696212.73b203b58c241663d31ea82d8d46ebe84d91c376

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.13.0-next.1597696212.73b203b58c241663d31ea82d8d46ebe84d91c376

url pkg:npm/getsetdeep@4.13.0-next.1597696319.47ad792cdaa343f4f818fb4b60f39eab60c4ff32

purl pkg:npm/getsetdeep@4.13.0-next.1597696319.47ad792cdaa343f4f818fb4b60f39eab60c4ff32

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.13.0-next.1597696319.47ad792cdaa343f4f818fb4b60f39eab60c4ff32

url pkg:npm/getsetdeep@4.13.0-next.1598189069.3e9c3bf452d1cc0d4e23d84f28dcb1bc3211ae00

purl pkg:npm/getsetdeep@4.13.0-next.1598189069.3e9c3bf452d1cc0d4e23d84f28dcb1bc3211ae00

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.13.0-next.1598189069.3e9c3bf452d1cc0d4e23d84f28dcb1bc3211ae00

url pkg:npm/getsetdeep@4.13.0-next.1598781702.20d967ad7c5ad224e09feeb8c8665a5c6e99220a

purl pkg:npm/getsetdeep@4.13.0-next.1598781702.20d967ad7c5ad224e09feeb8c8665a5c6e99220a

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.13.0-next.1598781702.20d967ad7c5ad224e09feeb8c8665a5c6e99220a

url pkg:npm/getsetdeep@4.13.0-next.1599076419.60541f0d27c849706157976f9d9f0d23b3ac9eff

purl pkg:npm/getsetdeep@4.13.0-next.1599076419.60541f0d27c849706157976f9d9f0d23b3ac9eff

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.13.0-next.1599076419.60541f0d27c849706157976f9d9f0d23b3ac9eff

url pkg:npm/getsetdeep@4.13.0

purl pkg:npm/getsetdeep@4.13.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-rrx6-dr9n-d3cr

resource_url http://public2.vulnerablecode.io/packages/pkg:npm/getsetdeep@4.13.0

References

reference_url

https://www.npmjs.com/advisories/1334

reference_id

reference_type

scores

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.npmjs.com/advisories/1334

reference_url

https://github.com/advisories/GHSA-8j49-49jq-vwcq

reference_id

GHSA-8j49-49jq-vwcq

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-8j49-49jq-vwcq

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1321
name	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description	The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rrx6-dr9n-d3cr

Vulnerability Instance