CVE-2021-23426 Vulnerability in npm package proto

Description

This affects all versions of package Proto. It is possible to inject pollute the object property of an application using Proto by leveraging the merge function.

Remediation

References

https://snyk.io/vuln/SNYK-JS-PROTO-1316301

https://www.npmjs.com/package/Proto

Related Vulnerabilities

CVE-2015-9286 Vulnerability in npm package nodebb

CVE-2019-18212 Vulnerability in maven package org.lsp4xml:org.eclipse.lsp4xml.extensions.web

CVE-2018-20059 Vulnerability in maven package ro.pippo:pippo-jaxb

CVE-2020-28471 Vulnerability in npm package properties-reader

CVE-2023-29199 Vulnerability in npm package vm2

Severity

High

Classification

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N