A Node.js based library for controlling a Parrot minidrone. This library also provides the feature to take pictures from the drone, download them all at a time and delete them whenever required.
Apache License 2.0
20
stars
5
forks
source link
CVE-2019-10746 (High) detected in mixin-deep-1.3.1.tgz #16
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVE-2019-10746 - High Severity Vulnerability
Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.
Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.1.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/mixin-deep/package.json
Dependency Hierarchy: - babel-cli-6.26.0.tgz (Root Library) - chokidar-1.7.0.tgz - readdirp-2.2.1.tgz - micromatch-3.1.10.tgz - snapdragon-0.8.2.tgz - base-0.11.2.tgz - :x: **mixin-deep-1.3.1.tgz** (Vulnerable Library)
Found in HEAD commit: d1dea4351f1a0413701f540fa46610ceccec4a91
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Publish Date: 2019-08-23
URL: CVE-2019-10746
Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: High
For more information on CVSS3 Scores, click here.Type: Upgrade version
Release Date: 2019-08-23
Fix Resolution: 1.3.2,2.0.1
Step up your Open Source Security Game with Mend here