CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2024-38983
https://notcve.org/view.php?id=CVE-2024-38983
30 Jul 2024 — Prototype Pollution in alykoshin mini-deep-assign v0.0.8 allows an attacker to execute arbitrary code or cause a Denial of Service (DoS) and cause other impacts via the _assign() method at (/lib/index.js:91) Prototype Pollution en alykoshin mini-deep-assign v0.0.8 permite a un atacante ejecutar código arbitrario o causar una denegación de servicio (DoS) y causar otros impactos a través del método _assign() en (/lib/index.js:91) • https://gist.github.com/mestrtee/f82d0c3a8fe3a125f06425caef5d22ed • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2024-36582
https://notcve.org/view.php?id=CVE-2024-36582
17 Jun 2024 — alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend() method of Module.deepAssign (/src/index.js) alexbinary object-deep-assign 1.0.11 es vulnerable a Prototype Pollution a través del método extend() de Module.deepAssign (/src/index.js) • https://gist.github.com/mestrtee/9fe4d3a862c62ce6b2b0d20d4c5fd346 • CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') •