CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 2CVE-2019-10746 – nodejs-mixin-deep: prototype pollution in function mixin-deep
https://notcve.org/view.php?id=CVE-2019-10746
23 Aug 2019 — mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. mixin-deep es vulnerable a Prototype Pollution en versiones anteriores a 1.3.2 y 2.0.0. La función mixin-deep podría ser engañada para agregar o modificar propiedades de Object.prototype usando una carga útil del constructor. A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and ... • https://github.com/ossf-cve-benchmark/CVE-2019-10746 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-471: Modification of Assumed-Immutable Data (MAID) •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-3719
https://notcve.org/view.php?id=CVE-2018-3719
07 Jun 2018 — mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. El módulo de node mixin-deep en versiones anteriores a la 1.3.1 se ve afectada por una vulnerabilidad MAID (modificación de datos asumidos como asumible), lo que permite que un usuario malicioso modifique el prototipo de "Obje... • https://github.com/ossf-cve-benchmark/CVE-2018-3719 • CWE-20: Improper Input Validation CWE-471: Modification of Assumed-Immutable Data (MAID) •