High severityNVD Advisory· Published Jan 31, 2021· Updated Sep 16, 2024
Prototype Pollution
CVE-2021-23329
Description
The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
nested-object-assignnpm | < 1.0.4 | 1.0.4 |
Affected products
2- nested-object-assign/nested-object-assigndescription
Patches
Vulnerability mechanics
References
5- github.com/advisories/GHSA-c497-v8pv-ch6xghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2021-23329ghsaADVISORY
- github.com/Geta/NestedObjectAssign/pull/11ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977ghsax_refsource_MISCWEB
- www.npmjs.com/package/nested-object-assignghsaWEB
News mentions
0No linked articles in our index yet.