Lucene search
GoogleOSV:GHSA-79JW-6WG7-R9G4HistoryMay 06, 2021 - 3:45 p.m.
Use of Potentially Dangerous Function in mixme
2021-05-0615:45:39
Google
osv.dev
31
mixme
node.js
dangerous function
security risk
denial of service
patch
version 0.5.1
github
issue
commit
EPSS
0.01
Percentile
83.6%
Impact
In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via ‘proto’ through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).
Patches
The problem is corrected starting with version 0.5.1.
References
Issue: https://github.com/adaltas/node-mixme/issues/1
Commit: https://github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028
Related
cve
cve
CVE-2021-29491
2021-05-06 13:15:12
CVE-2021-28860
2021-05-03 12:15:07
osv
osv
Prototype Pollution in mixme
2022-02-10 23:52:01
CVE-2021-28860
2021-05-03 12:15:07
nvd
nvd
CVE-2021-29491
2021-05-06 13:15:12
CVE-2021-28860
2021-05-03 12:15:07
github
github
Prototype Pollution in mixme
2022-02-10 23:52:01
Use of Potentially Dangerous Function in mixme
2021-05-06 15:45:39
veracode
veracode
Prototype Pollution
2022-02-11 09:22:03
prion
prion
Design/Logic Flaw
2021-05-03 12:15:00
cvelist
cvelist
CVE-2021-28860
2021-05-03 11:48:33
CVE-2021-29491
2021-05-06 12:51:37
nodejs
nodejs
Prototype Pollution
2021-05-06 15:47:15