Prototype Pollution in @fabiocaccamo/utils.js

Description

utils.js is vulnerable to Improperly Controlled Modification of Object Prototype Attributes (‘Prototype Pollution’).

Recommendation

Update the @fabiocaccamo/utils.js package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.17.2
• Patched version(s): 0.17.2

References

• GHSA-3xph-cp8f-2229
• huntr.dev
• CVE-2021-3815
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype pollution in 101 - CVE-2021-25943
• Baobab vulnerable to Prototype Pollution - CVE-2021-4307
• npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
• Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - CVE-2021-4279

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

@fabiocaccamo/utils.js