Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS05MnY5LXhoMnEtZnE5Zs0V4Q
Prototype Pollution in cookiex/deep
The npm @cookiex/deep package before version 0.0.7 has a prototype pollution vulnerability. The global proto object can be polluted using the proto object.
Permalink: https://github.com/advisories/GHSA-92v9-xh2q-fq9fJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS05MnY5LXhoMnEtZnE5Zs0V4Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago
CVSS Score: 8.6
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:L
Identifiers: GHSA-92v9-xh2q-fq9f, CVE-2021-23442
References:
- https://nvd.nist.gov/vuln/detail/CVE-2021-23442
- https://github.com/tony-tsx/cookiex-deep/issues/1
- https://github.com/tony-tsx/cookiex-deep/commit/b5bea2b7f34a5fa9abb4446cbd038ecdbcd09c88
- https://snyk.io/vuln/SNYK-JS-COOKIEXDEEP-1582793
- https://github.com/advisories/GHSA-92v9-xh2q-fq9f
Blast Radius: 2.6
Affected Packages
npm:@cookiex/deep
Dependent packages: 6Dependent repositories: 2
Downloads: 72 last month
Affected Version Ranges: < 0.0.7
Fixed in: 0.0.7
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.4, 0.0.5, 0.0.6
All unaffected versions: 0.0.7