Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1Y3EtOTUzNy05cnBm

Prototype Pollution in mixme

Node.js mixme 0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

Permalink: https://github.com/advisories/GHSA-r5cq-9537-9rpf
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXI1Y3EtOTUzNy05cnBm
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: 4 months ago


CVSS Score: 9.1
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Identifiers: GHSA-r5cq-9537-9rpf, CVE-2021-28860
References:

Affected Packages

npm:mixme
Versions: < 0.5.1
Fixed in: 0.5.1