Description
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Recommendation
Update the deap package to the latest compatible version. Followings are version details:
- Affected version(s): < 1.0.1
- Patched version(s): 1.0.1
References
Related Issues
- Improper Input Validation in url-js - CVE-2022-25839
- Apostrophe has a Weak Password Recovery Mechanism for Forgotten Password and Improper Input Validation - CVE-2026-45013
- Cisco node-jose improper validation of JWT signature - CVE-2018-0114
- bson-objectid contains Improper input validation - CVE-2019-19729
You might also like:
- Tags:
- npm
- deap
Anything's wrong? Let us know Last updated on January 27, 2023