Prototype Pollution in deap

Description

Versions of deap before 1.0.1 are vulnerable to prototype pollution.

Recommendation

Update the deap package to the latest compatible version. Followings are version details:

• Affected version(s): < 1.0.1
• Patched version(s): 1.0.1

References

• GHSA-xrmp-99wj-p6jc
• hackerone.com
• www.npmjs.com
• snyk.io
• CWE-400

Related Issues

• Prototype pollution in 101 - CVE-2021-25943
• Use-After-Free in puppeteer - CVE-2019-5786
• Open Redirect in node-forge - CVE-2022-0122
• Denial of service in three - CVE-2020-28496

Tags:

npm

deap