A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-400,CWE-74,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| defaults-deep_project | defaults-deep | * |
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-471,CWE-20,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| defaults-deep_project | defaults-deep | * |