CVE-2019-10746

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-10746

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-10746.json

Aliases

GHSA-fhjf-83wg-r2j9
SNYK-JS-MIXINDEEP-450212

Related

ALSA-2021:0549
RLSA-2021:0549

Published

2019-08-23T17:15:13Z

Modified

2024-05-14T06:41:09.543420Z

Summary

[none]

Details

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

References

https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://www.oracle.com//security-alerts/cpujul2021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/

Affected packages

Git / github.com/jonschlinkert/mixin-deep

Affected ranges

Type: GIT
Repo: https://github.com/jonschlinkert/mixin-deep
Events: Introduced

0The exact introduced commit is unknown

Fixed

754f0c20e1bc13ea5a21a64fbc7d6ba5f7b359b9

Affected versions

1.*

1.0.1

1.1.0

1.1.2

1.1.3

1.2.0

1.3.0

1.3.1