Closed mend-for-github-com[bot] closed 4 years ago
Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.
Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz
Path to dependency file: /spotfire-wrapper/package.json
Path to vulnerable library: /tmp/git/spotfire-wrapper/node_modules/mixin-deep/package.json
Dependency Hierarchy: - karma-4.1.0.tgz (Root Library) - braces-2.3.2.tgz - snapdragon-0.8.2.tgz - base-0.11.2.tgz - :x: **mixin-deep-1.3.2.tgz** (Vulnerable Library)
mixin-deep before 1.3.2 is vulnerable to Prototype Pollution.
Publish Date: 2019-07-11
URL: CVE-2019-10746
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
Release Date: 2019-07-11
Fix Resolution: 1.3.2
CVE-2019-10746 - High Severity Vulnerability
Deeply mix the properties of objects into the first object. Like merge-deep, but doesn't clone.
Library home page: https://registry.npmjs.org/mixin-deep/-/mixin-deep-1.3.2.tgz
Path to dependency file: /spotfire-wrapper/package.json
Path to vulnerable library: /tmp/git/spotfire-wrapper/node_modules/mixin-deep/package.json
Dependency Hierarchy: - karma-4.1.0.tgz (Root Library) - braces-2.3.2.tgz - snapdragon-0.8.2.tgz - base-0.11.2.tgz - :x: **mixin-deep-1.3.2.tgz** (Vulnerable Library)
mixin-deep before 1.3.2 is vulnerable to Prototype Pollution.
Publish Date: 2019-07-11
URL: CVE-2019-10746
Base Score Metrics not available
Type: Upgrade version
Origin: https://github.com/jonschlinkert/mixin-deep/commit/8f464c8ce9761a8c9c2b3457eaeee9d404fa7af9
Release Date: 2019-07-11
Fix Resolution: 1.3.2