CVSS: 9.8EPSS: 0%CPEs: 5EXPL: 2CVE-2019-10746 – nodejs-mixin-deep: prototype pollution in function mixin-deep
https://notcve.org/view.php?id=CVE-2019-10746
23 Aug 2019 — mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. mixin-deep es vulnerable a Prototype Pollution en versiones anteriores a 1.3.2 y 2.0.0. La función mixin-deep podría ser engañada para agregar o modificar propiedades de Object.prototype usando una carga útil del constructor. A flaw was found in Nodejs's mixin-deep prior to versions 1.3.2 and ... • https://github.com/ossf-cve-benchmark/CVE-2019-10746 • CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') CWE-471: Modification of Assumed-Immutable Data (MAID) •