CVE-2019-10746

Summary

mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.

Affected Software

VendorProductVersion RangeStatus
n/amixin-deepAll versions before 1.3.2 and version 2.0.0.affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References