GHSA-799q-f2px-wx8c: Duplicate Advisory: @alizeait/unflatto Prototype Pollution via `exports.unflatto` Method

March 28, 2025 (updated April 1, 2025)

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-q8jq-4rm5-4hm5. This link is maintained to preserve external references.

Original Description

alizeait unflatto <= 1.0.2 was discovered to contain a prototype pollution via the method exports.unflatto at /dist/index.js. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary properties.

References

gist.github.com/mestrtee/4c5dfb66bea377889c44dd6c8af28713
github.com/advisories/GHSA-799q-f2px-wx8c
github.com/alizeait/unflatto
github.com/alizeait/unflatto/issues/32
nvd.nist.gov/vuln/detail/CVE-2024-38988

Code Behaviors & Features

Detect and mitigate GHSA-799q-f2px-wx8c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →