npm package
mixin-deep
pkg:npm/mixin-deep
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-10746 | — | < 1.3.2 | 1.3.2 | Aug 23, 2019 | mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. | ||
| CVE-2018-3719 | — | < 1.3.1 | 1.3.1 | Jun 7, 2018 | mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all obj |
- CVE-2019-10746Aug 23, 2019affected < 1.3.2fixed 1.3.2
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
- CVE-2018-3719Jun 7, 2018affected < 1.3.1fixed 1.3.1
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all obj