Critical severity9.8NVD Advisory· Published Jun 17, 2024· Updated Apr 15, 2026
CVE-2024-36582
CVE-2024-36582
Description
alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
@alexbinary/object-deep-assignnpm | <= 1.0.11 | — |
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.