Prototype Pollution in mout

Description

This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well.

Recommendation

Update the mout package to the latest compatible version. Followings are version details:

• Affected version(s): <= 1.2.3
• Patched version(s): 1.2.4

References

• GHSA-vvv8-xw5f-3f88
• snyk.io
• CVE-2022-21213
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype Pollution in protobufjs - CVE-2022-25878
• Prototype Pollution in JSON5 via Parse Method - CVE-2022-46175
• Grunt-karma vulnerable to prototype pollution - CVE-2022-37602
• thlorenz browserify-shim vulnerable to prototype pollution - browserify-shim - GHSA-cfgr-75jx-h88g - CVE-2022-37623

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

mout