GMS-2021-184: Prototype Pollution in mixme
Impact
When copying properties from a source object to a target object, the target object can gain access to certain properties of the source object and modify their content.
Patches
The problem was patch with a more agressive discovery of secured properties to filter out.
References
- github.com/adaltas/node-mixme/commit/db70fe9bcbba451e9f8bd794a9fa7cdfa00125ad
- github.com/adaltas/node-mixme/issues/1
- github.com/adaltas/node-mixme/issues/2
- github.com/adaltas/node-mixme/security/advisories/GHSA-84p7-fh9c-6g8h
- github.com/advisories/GHSA-79jw-6wg7-r9g4
- github.com/advisories/GHSA-84p7-fh9c-6g8h
Detect and mitigate GMS-2021-184 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →