Assign-Deep Project Assign-Deep vulnerabilities
2 known vulnerabilities affecting assign-deep_project/assign-deep.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH2
Vulnerabilities
Page 1 of 1
CVE-2019-10745HIGHCVSS 7.5fixed in 0.4.8v1.0.0+1 more2019-08-20
CVE-2019-10745 [HIGH] CWE-1321 CVE-2019-10745: assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The fun
assign-deep is vulnerable to Prototype Pollution in versions before 0.4.8 and version 1.0.0. The function assign-deep could be tricked into adding or modifying properties of Object.prototype using either a constructor or a _proto_ payload.
cvelistv5ghsanvdosv
CVE-2018-3720HIGHCVSS 8.8fixed in 0.4.72018-06-07
CVE-2018-3720 [HIGH] CWE-471 CVE-2018-3720: assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vu
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.
ghsanvdosv