MidnightBSD

Advisories for defaults-deep_project

CVE-2018-16486 HIGH

A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-400,CWE-74,

Products Affected

Vendor Product Version
defaults-deep_project defaults-deep *
CVE-2018-3723 MEDIUM

defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-471,CWE-20,

Products Affected

Vendor Product Version
defaults-deep_project defaults-deep *