VDB
KO
HIGH 7.5

GHSA-pfv6-prqm-85q8

Prototype Pollution in madlib-object-utils

Details

The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the `setValue` method, as it allows an attacker to merge object prototypes into it. *Note:* This vulnerability derives from an incomplete fix of [CVE-2020-7701](https://security.snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-598676)

Are you affected?

Enter the version of the package you're using.

Affected packages

npm / madlib-object-utils
Introduced in: 0 Fixed in: 0.1.8
Fix npm install madlib-object-utils@0.1.8

References