Published: 07/06/2018 Updated: 28/02/2023

CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 578

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

mixin-deep node module prior to 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mixin-deep project mixin-deep

Debian Bug report logs - #898315 node-mixin-deep: CVE-2018-3719: Prototype pollution via merging functions Package: src:node-mixin-deep; Maintainer for src:node-mixin-deep is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 1 ...

Debian Bug report logs - #932500 vulnerability: CVE-2019-10746: prototype pollution Package: node-mixin-deep; Maintainer for node-mixin-deep is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Source for node-mixin-deep is src:node-mixin-deep (PTS, buildd, popcon) Reported by: Paolo Greppi <pa ...

CWE-20 https://hackerone.com/reports/311236 https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=898315

CVE-2018-3719

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect