0.001 Low
EPSS
Percentile
43.5%
Versions of assign-deep before 0.4.7 are vulnerable to prototype pollution via merging functions.
assign-deep
Update to version 0.4.7 or later.
github.com/advisories/GHSA-xcvv-84j5-jw9h
github.com/jonschlinkert/assign-deep/commit/19953a8c089b0328c470acaaaf6accdfcb34da11
hackerone.com/reports/310707
nvd.nist.gov/vuln/detail/CVE-2018-3720
www.npmjs.com/advisories/579