jonschlinkert/assign-deep

Releases12

Frequency4 months 1 week

Last Release almost 7 years ago

Stars78

Deeply assign the enumerable properties of source objects to a destination object.

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2018-3720 ↗	Jun 7, 2018Thursday, 7 June 2018, 02:29	8.8 HIGH	6.5 MEDIUM
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.