CVE-2021-29491: Improper Control of Dynamically-Managed Code Resources

May 6, 2021 (updated December 3, 2021)

Mixme is a library for recursive merging of Javascript objects. In Node.js mixme, an attacker can add or alter properties of an object via proto through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

References

nvd.nist.gov/vuln/detail/CVE-2021-29491

Detect and mitigate CVE-2021-29491 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →