Prototype Pollution in sey

Description

All versions of package sey are vulnerable to Prototype Pollution via the deepmerge() function.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 0.3.0

References

• GHSA-wjpc-cgvw-xx23
• snyk.io
• CVE-2021-23663
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype pollution in 101 - CVE-2021-25943
• npm package rfc6902 vulnerable to Prototype Pollution - CVE-2021-4245
• Baobab vulnerable to Prototype Pollution - CVE-2021-4307
• Starcounter-Jack JSON-Patch Prototype Pollution vulnerability - CVE-2021-4279

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

sey