Critical severityNVD Advisory· Published Aug 23, 2019· Updated Aug 4, 2024
CVE-2019-10746
CVE-2019-10746
Description
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
mixin-deepnpm | < 1.3.2 | 1.3.2 |
mixin-deepnpm | >= 2.0.0, < 2.0.1 | 2.0.1 |
Affected products
4- mixin-deep/mixin-deepdescription
- ghsa-coords3 versions
< 1.3.2+ 2 more
- (no CPE)range: < 1.3.2
- (no CPE)range: < 2.0.3-1.module_el8.4.0+2521+c668cc9f
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
Patches
Vulnerability mechanics
References
11- github.com/advisories/GHSA-fhjf-83wg-r2j9ghsaADVISORY
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/mitrevendor-advisoryx_refsource_FEDORA
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/mitrevendor-advisoryx_refsource_FEDORA
- nvd.nist.gov/vuln/detail/CVE-2019-10746ghsaADVISORY
- github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9ghsaWEB
- github.com/jonschlinkert/mixin-deep/commit/90ee1fab375fccfd9b926df718243339b4976d50ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJTghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKCghsaWEB
- snyk.io/vuln/SNYK-JS-MIXINDEEP-450212ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/1013ghsaWEB
- www.oracle.com//security-alerts/cpujul2021.htmlghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.