Description

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.

Remediation

References

https://github.com/Geta/NestedObjectAssign/pull/11

https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977

Related Vulnerabilities

CVE-2023-40346 Vulnerability in maven package io.jenkins.plugins:shortcut-job

CVE-2021-46384 Vulnerability in maven package net.mingsoft:ms-mcms

CVE-2023-26115 Vulnerability in npm package word-wrap

CVE-2021-32770 Vulnerability in npm package gatsby-source-wordpress

CVE-2023-44487 Vulnerability in maven package org.eclipse.jetty.http2:http2-common

Severity

Critical

Classification

CWE-1321

Tags

Exploit Patch Third Party Advisory