Prototype Pollution in madlib-object-utils - madlib-object-utils

Description

madlib-object-utils before 0.1.7 is vulnerable to Prototype Pollution via setValue.

Recommendation

Update the madlib-object-utils package to the latest compatible version. Followings are version details:

• Affected version(s): < 0.1.7
• Patched version(s): 0.1.7

References

• GHSA-jvf5-q4h5-2jmj
• snyk.io
• CVE-2020-7701
• CWE-1321
• CWE-915
• CAPEC-310
• OWASP 2021-A6
• OWASP 2021-A8

Related Issues

• Prototype Pollution in madlib-object-utils - CVE-2022-24279
• Prototype pollution in chart.js - CVE-2020-7746
• Prototype Pollution in @fabiocaccamo/utils.js - CVE-2021-3815
• Prototype Pollution in lodash - lodash - GHSA-p6mc-m468-83gw - CVE-2020-8203

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

madlib-object-utils