CVE-2022-2564
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') in npm/mongoose
Identifiers
CVE-2022-2564
Package Slug
npm/mongoose
Vulnerability
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Description
Prototype Pollution in GitHub repository automattic/mongoose prior to 6.4.6.
Affected Versions
All versions before 5.13.15, all versions starting from 6.0.0 before 6.4.6
Solution
Upgrade to versions 5.13.15, 6.4.6 or above.
Last Modified
2022-08-04
| source |