1 results (0.001 seconds)

CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 1

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk. express-mock-middleware versiones hasta 0.0.6, es vulnerable a una Contaminación de Prototipos. Las funciones exportadas por el paquete pueden ser engañadas para agregar o modificar propiedades del "Object.prototype". • https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39 https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •