CVE-2021-23558: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

January 28, 2022 (updated February 4, 2022)

The package bmo is vulnerable to Prototype Pollution due to missing sanitization in set function.

References

github.com/b-heilman/bmoor/commit/29b0162cc1dc1791fc060891f568b0ae29bc542b
nvd.nist.gov/vuln/detail/CVE-2021-23558
snyk.io/blog/remediate-javascript-type-confusion-bypassed-input-validation/
snyk.io/vuln/SNYK-JS-BMOOR-2342622

Detect and mitigate CVE-2021-23558 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →