CVE-2023-26135: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

June 30, 2023 (updated February 7, 2024)

All versions of the package flatnest is vulnerable to Prototype Pollution via the nest() function in flatnest/nest.js file.

References

github.com/brycebaril/node-flatnest/blob/b7d97ec64a04632378db87fcf3577bd51ac3ee39/nest.js%23L43
github.com/brycebaril/node-flatnest/issues/4
nvd.nist.gov/vuln/detail/CVE-2023-26135
security.snyk.io/vuln/SNYK-JS-FLATNEST-3185149

Detect and mitigate CVE-2023-26135 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →