CVE-2019-10792: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

April 13, 2021

bodymen is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a proto payload.

References

github.com/advisories/GHSA-8h84-8j4f-p97q
github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b
nvd.nist.gov/vuln/detail/CVE-2019-10792
snyk.io/vuln/SNYK-JS-BODYMEN-548897

Detect and mitigate CVE-2019-10792 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →