Prototype Pollution in mout - mout

Severity:: High

Description

This affects all versions of package mout. The deepFillIn function can be used to ‘fill missing properties recursively’, while the deepMixIn ‘mixes objects into the target object, recursively mixing existing child objects as well’. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.

Recommendation

Update the mout package to the latest compatible version. Followings are version details:

Affected version(s): < 1.2.3
Patched version(s): 1.2.3

References

GHSA-pc58-wgmc-hfjr
snyk.io
CVE-2020-7792
CWE-1321
CAPEC-310
OWASP 2021-A6

Related Issues

Prototype Pollution in systeminformation - CVE-2020-26245
shvl vulnerable to prototype pollution - CVE-2020-28278
Prototype Pollution in asciitable.js - CVE-2020-7771
Prototype pollution in gsap - CVE-2020-28478

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:: npm; mout

Anything's wrong? Let us know Last updated on January 27, 2023