Description
The package nested-object-assign before 1.0.4 is vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.
Remediation
Upgrade nested-object-assign to version 1.0.4 or later.
References
https://github.com/Geta/NestedObjectAssign/pull/11
https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977
Related Vulnerabilities
CVE-2023-22580 Vulnerability in npm package sequelize
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http
CVE-2021-42697 Vulnerability in maven package com.typesafe.akka:akka-http-core
CVE-2023-31999 Vulnerability in npm package @fastify/oauth2
CVE-2023-36820 Vulnerability in maven package io.micronaut.security:micronaut-security-oauth2