CVE-2021-23442

Improperly Controlled Modification of Dynamically-Determined Object Attributes in npm/@cookiex/deep

Identifier

CVE-2021-23442

Package Slug

npm/@cookiex/deep

Vulnerability

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Description

This affects all versions of package @cookiex/deep. The global proto object can be polluted using the __proto__ object.

Affected Versions

All versions before 0.0.6

Solution

Upgrade to version 0.0.6 or above.

Last Modified

2021-09-30

source