mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:02
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
29 Oct 2022, 02:31
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject
Oracle Fedoraproject fedora Oracle communications Cloud Native Core Network Function Cloud Native Environment |
|
CPE | cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* |
|
References |
|
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/ - Mailing List, Third Party Advisory |
Information
Published : 2019-08-23 17:15
Updated : 2023-12-10 12:59
NVD link : CVE-2019-10746
Mitre link : CVE-2019-10746
CVE.ORG link : CVE-2019-10746
JSON object : View
Products Affected
mixin-deep_project
- mixin-deep
oracle
- communications_cloud_native_core_network_function_cloud_native_environment
fedoraproject
- fedora
CWE
CWE-88
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')