CVE-2021-21304: Improperly Controlled Modification of Dynamically-Determined Object Attributes

February 8, 2021 (updated October 25, 2022)

In Dynamoose from and there was a prototype pollution vulnerability in the internal utility method lib/utils/object/set.ts. This method is used throughout the codebase for various operations throughout Dynamoose.

References

nvd.nist.gov/vuln/detail/CVE-2021-21304

Detect and mitigate CVE-2021-21304 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →