Description

Prototype pollution vulnerability in 'deepref' versions 1.1.1 through 1.2.1 allows attacker to cause a denial of service and may lead to remote code execution.

Remediation

References

https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28274%2Chttps://github.com/isaymatato/deepref/commit/24935e6a1060cb09c641d3075982f0b44cfca4c2

Related Vulnerabilities

CVE-2017-18239 Vulnerability in maven package com.jason-goodwin:authentikat-jwt_2.12

CVE-2023-37478 Vulnerability in npm package @pnpm/win-x64

CVE-2022-29405 Vulnerability in maven package org.apache.archiva:archiva

CVE-2021-23265 Vulnerability in maven package org.craftercms:crafter-core

CVE-2019-1003034 Vulnerability in maven package org.jenkins-ci.plugins:job-dsl

Severity

Critical

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

NVD-CWE-noinfo