GMS-2018-15: Denial of Service and remote code execution
Utilities function in assign-deep can be tricked into modifying the prototype of “Object” when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object. This can lead to denial of service or remote code execution.
References
Detect and mitigate GMS-2018-15 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →