CVE-2021-40663

Published June 30th, 2022

View on NVD ↗

CVSS v3

9.8

CRITICAL

CVSS v2

7.5

HIGH

Affected

2

PROJECTS

Description

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

a deep assignment implementation that does not use recursion

NPM

janbialostok/deep-assign

An implementation of a deep assignment algorithm that does not use recursion

GitHub