Prototype Pollution in madlib-object-utils

Severity:: High

Description

The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701

Recommendation

Update the madlib-object-utils package to the latest compatible version. Followings are version details:

Affected version(s): < 0.1.8
Patched version(s): 0.1.8

References

GHSA-pfv6-prqm-85q8
snyk.io
CVE-2022-24279
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

static-server Path Traversal vulnerability - CVE-2023-26152
chromedriver Downloads Resources over HTTP - CVE-2016-10579
Denial of service in http-proxy-middleware - CVE-2024-21536
parse is vulnerable to prototype pollution - CVE-2025-57324

Tags:: npm; madlib-object-utils

Anything's wrong? Let us know Last updated on January 27, 2023