CVE-2022-25296: Prototype Pollution in bodymen

March 17, 2022 (updated March 24, 2022)

The package bodymen from 0.0.0 is vulnerable to Prototype Pollution via the handler function which could be tricked into adding or modifying properties of Object.prototype using a proto payload. Note: This vulnerability derives from an incomplete fix to CVE-2019-10792

References

github.com/advisories/GHSA-vhxc-fhm5-qcp9
nvd.nist.gov/vuln/detail/CVE-2022-25296
snyk.io/vuln/SNYK-JS-BODYMEN-2342623

Detect and mitigate CVE-2022-25296 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →