Open debricked[bot] opened 4 years ago
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.Read more at Debricked: http://app.debricked.com/en/service/vulnerability/128474
Testing progress.
WeDoSoftware
commented
4 years ago
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.
Read more at Debricked: http://app.debricked.com/en/service/vulnerability/128474