CVE-2019-10806

Summary

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

Affected Software

VendorProductVersion RangeStatus
n/avega-utilAll versions prior to 1.13.1affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References