CVE-2021-28860

Prototype Pollution in npm/mixme

Identifiers

GHSA-79jw-6wg7-r9g4, CVE-2021-28860

Package Slug

npm/mixme

Vulnerability

Prototype Pollution

Description

An attacker can add or alter properties of an object via __proto__ through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Affected Versions

All versions before 0.5.1

Solution

Upgrade to version 0.5.1 or above.

Last Modified

2021-05-12

source