RSS   Podatności dla 'Mixme'   RSS

2021-05-06
 
CVE-2021-29491

CWE-913
 

 
Mixme is a library for recursive merging of Javascript objects. In Node.js mixme v0.5.0, an attacker can add or alter properties of an object via 'proto' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS). The problem is corrected starting with version 0.5.1; no workarounds are known to exist.

 
2021-05-03
 
CVE-2021-28860

NVD-CWE-Other
 

 
In Node.js mixme, prior to v0.5.1, an attacker can add or alter properties of an object via '__proto__' through the mutate() and merge() functions. The polluted attribute will be directly assigned to every object in the program. This will put the availability of the program at risk causing a potential denial of service (DoS).

 


Copyright 2024, cxsecurity.com

 

Back to Top