CVE-2021-23329

Geta/NestedObjectAssign

on github

Published

January 31, 2021

Severity

CVSS v3:

7.5 HIGH

CVSS v2:

5 MEDIUM

Description

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.

References

https://github.com/Geta/NestedObjectAssign/pull/11
https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:getadigital:nested-object-assign::::::node.js::*	n/a	1.0.4	*

External Links

NVD - CVE-2021-23329