GHSA-92v9-xh2q-fq9f

Source

https://github.com/advisories/GHSA-92v9-xh2q-fq9f

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/09/GHSA-92v9-xh2q-fq9f/GHSA-92v9-xh2q-fq9f.json

Aliases

CVE-2021-23442
SNYK-JS-COOKIEXDEEP-1582793

Published

2021-09-20T20:12:38Z

Modified

2023-11-08T04:05:09.906448Z

Details

The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the proto object.

References

https://nvd.nist.gov/vuln/detail/CVE-2021-23442
https://github.com/tony-tsx/cookiex-deep/issues/1
https://github.com/tony-tsx/cookiex-deep/commit/b5bea2b7f34a5fa9abb4446cbd038ecdbcd09c88
https://github.com/tony-tsx/cookiex-deep
https://snyk.io/vuln/SNYK-JS-COOKIEXDEEP-1582793

Affected packages

npm / @cookiex/deep

Package

Name: @cookiex/deep

Affected ranges

Type: SEMVER
Events: Introduced

0The exact introduced commit is unknown

Fixed

0.0.7