GHSA-pjxw-22xf-6pwc

Suggest an improvement
Source
https://github.com/advisories/GHSA-pjxw-22xf-6pwc
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-pjxw-22xf-6pwc/GHSA-pjxw-22xf-6pwc.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-pjxw-22xf-6pwc
Aliases
  • CVE-2018-16486
Published
2019-02-07T18:16:38Z
Modified
2023-11-08T04:00:00.749502Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Prototype Pollution in defaults-deep
Details

All versions of defaults-deep are vulnerable to prototype pollution. Provided certain input defaults-deep can add or modify properties of the Object prototype. These properties will be present on all objects.

Recommendation

As no patch is currently available for this vulnerability it is our recommendation to select another module that can provide this functionality.

Database specific 
{
    "nvd_published_at": null,
    "cwe_ids": [
        "CWE-345",
        "CWE-400"
    ],
    "severity": "CRITICAL",
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:49:31Z"
}
References

Affected packages

npm / defaults-deep

Package

Name
defaults-deep
View open source insights on deps.dev
Purl
pkg:npm/defaults-deep

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Last affected
0.2.4

Database specific

source 
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/02/GHSA-pjxw-22xf-6pwc/GHSA-pjxw-22xf-6pwc.json"