CVE-2024-36582: object-deep-assign Prototype Pollution

June 17, 2024

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js)

References

gist.github.com/mestrtee/9fe4d3a862c62ce6b2b0d20d4c5fd346
github.com/advisories/GHSA-4xg3-7w7q-856q
github.com/alexbinary/object-deep-assign
nvd.nist.gov/vuln/detail/CVE-2024-36582

Detect and mitigate CVE-2024-36582 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →