Vulnerability

CVE-2019-10746

 Report advisory or correction

CVSS Score 9.8 critical

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-88

References

https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2019-10746

[CVE-2019-10746] CWE-88: Argument Injection or Modification

Description

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

See mixin-deep package information