RSS   Vulnerabilities for 'Set-value'   RSS

2019-08-23
 
CVE-2019-10747

CWE-400
 

 
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.

 


Copyright 2024, cxsecurity.com

 

Back to Top