Description
All versions of smart-extend are vulnerable to Prototype Pollution. The deep() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
Recommendation
No fix is available yet. Followings are affected versions:
- >= 0
References
Related Issues
- Prototype Pollution in lodash.defaultsdeep - Vulnerability
- node-opcua-alarm-condition prototype pollution vulnerability - CVE-2024-57086
- @intlify/shared Prototype Pollution vulnerability - CVE-2024-52810
- @intlify/shared Prototype Pollution vulnerability - vue-i18n - CVE-2024-52810
You might also like:
- Tags:
- npm
- smart-extend
Anything's wrong? Let us know Last updated on January 09, 2023


