Prototype Pollution in mootools

Description

This affects all versions of package mootools. This is due to the ability to pass untrusted input to Object.merge()

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.5.2

References

• GHSA-x6hx-7gh3-3q98
• snyk.io
• CVE-2021-23432
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype pollution in 101 - CVE-2021-25943
• Baobab vulnerable to Prototype Pollution - CVE-2021-4307
• npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
• Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - CVE-2021-4279

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

mootools