CVE-2021-23574
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in npm/js-data
Identifiers
CVE-2021-23574
Package Slug
npm/js-data
Vulnerability
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Description
All versions of package js-data is vulnerable to Prototype Pollution via the deepFillIn and the set functions.
Affected Versions
All versions before 3.0.11
Solution
Upgrade to version 3.0.11 or above.
Last Modified
2022-01-13
| source |