CVE-2021-23426: Prototype Pollution

September 1, 2021 (updated September 9, 2021)

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

References

nvd.nist.gov/vuln/detail/CVE-2021-23426

Detect and mitigate CVE-2021-23426 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →