Lucene search
Veracode Vulnerability DatabaseVERACODE:34146HistoryFeb 11, 2022 - 9:22 a.m.
Prototype Pollution
2022-02-1109:22:03
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
prototype pollution
mixme
vulnerability
mutate
merge
attacker control
path
modify attributes
EPSS
0.01
Percentile
83.6%
mixme is vulnerable to prototype pollution. The function mutate and merge allows an attacker to get control of value of “path” and modify attributes such as __proto__, constructor and prototype.
References
nodejs.com
github.com/adaltas/node-mixme/commit/cfd5fbfc32368bcf7e06d1c5985ea60e34cd4028
github.com/adaltas/node-mixme/issues/1
github.com/adaltas/node-mixme/security/advisories/GHSA-79jw-6wg7-r9g4
github.com/advisories/GHSA-r5cq-9537-9rpf
security.netapp.com/advisory/ntap-20210618-0005/
www.npmjs.com/~david
Related
github
github
Prototype Pollution in mixme
2022-02-10 23:52:01
nvd
nvd
CVE-2021-28860
2021-05-03 12:15:07
CVE-2021-29491
2021-05-06 13:15:12
prion
prion
Design/Logic Flaw
2021-05-03 12:15:00
cve
cve
CVE-2021-28860
2021-05-03 12:15:07
CVE-2021-29491
2021-05-06 13:15:12
cvelist
cvelist
CVE-2021-28860
2021-05-03 11:48:33
osv
osv
Prototype Pollution in mixme
2022-02-10 23:52:01
CVE-2021-28860
2021-05-03 12:15:07
Use of Potentially Dangerous Function in mixme
2021-05-06 15:45:39