GHSA-9534-h433-2rjf

Source

https://github.com/advisories/GHSA-9534-h433-2rjf

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-9534-h433-2rjf/GHSA-9534-h433-2rjf.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-9534-h433-2rjf

Aliases

CVE-2019-10808

Published

2021-05-07T16:28:47Z

Modified

2026-03-13T21:56:27.623146Z

Severity

8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

Improperly Controlled Modification of Dynamically-Determined Object Attributes in utilitify

Details

utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.

Database specific

{
    "github_reviewed_at": "2021-05-03T18:04:07Z",
    "nvd_published_at": "2020-03-11T23:15:00Z",
    "cwe_ids": [
        "CWE-1321",
        "CWE-915"
    ],
    "severity": "HIGH",
    "github_reviewed": true
}

References

Affected packages

npm / utilitify

Package

Name: utilitify; View open source insights on deps.dev
Purl: pkg:npm/utilitify

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.0.3

Database specific

source

"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-9534-h433-2rjf/GHSA-9534-h433-2rjf.json"