CVE-2021-23395: Prototype Pollution

June 21, 2021

This affects all versions of package nedb. The library could be tricked into adding or modifying properties of Object.prototype using a proto or constructor.prototype payload.

References

github.com/advisories/GHSA-339j-hqgx-qrrx
nvd.nist.gov/vuln/detail/CVE-2021-23395
snyk.io/vuln/SNYK-JS-NEDB-1305279

Detect and mitigate CVE-2021-23395 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →