mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2019-08-23T16:43:49
Updated: 2021-07-20T22:53:26
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10746
JSON object: View
NVD Information
Status : Modified
Published: 2019-08-23T17:15:13.340
Modified: 2023-11-07T03:02:33.093
Link: CVE-2019-10746
JSON object: View
Redhat Information
No data.
CWE