CVE-2023-26105: mde utilities contains Prototype Pollution

February 28, 2023 (updated November 7, 2023)

All versions of the package utilities is vulnerable to Prototype Pollution via the _mix function.

References

github.com/advisories/GHSA-wxfj-84xf-7gxv
github.com/mde/utilities/issues/29
nvd.nist.gov/vuln/detail/CVE-2023-26105
security.snyk.io/vuln/SNYK-JS-UTILITIES-3184491

Detect and mitigate CVE-2023-26105 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →