Prototype Pollution in madlib-object-utils

Severity:: High

Description

The package madlib-object-utils before version 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note: This vulnerability derives from an incomplete fix of CVE-2020-7701

Recommendation

Update the madlib-object-utils package to the latest compatible version. Followings are version details:

Affected version(s): < 0.1.8
Patched version(s): 0.1.8

References

GHSA-pfv6-prqm-85q8
snyk.io
CVE-2022-24279
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

Prototype Pollution in madlib-object-utils - madlib-object-utils - CVE-2020-7701
thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - GHSA-cfgr-75jx-h88g - CVE-2022-37623
thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - CVE-2022-37621
thlorenz browserify-shim vulnerable to prototype pollution - CVE-2022-37617

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; madlib-object-utils

Anything's wrong? Let us know Last updated on January 27, 2023