node.extend is vulnerable to prototype pollution attacks. An attacker is able to inject arbitrary properties into Object.prototype
to add or modify properties due to a lack of object validation.
CPE | Name | Operator | Version |
---|---|---|---|
node.extend | eq | 2.0.0 | |
node.extend | le | 1.1.6 |