deep.assign

Releases1

Frequency

Last Release almost 9 years ago

a deep assignment implementation that does not use recursion

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2021-40663 ↗	Jun 30, 2022Thursday, 30 June 2022, 12:15	9.8 CRITICAL	7.5 HIGH
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').