Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2021-40663 Vulnerability in npm package deep.assign

Description

deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').

Remediation

References

https://github.com/janbialostok/deep-assign/issues/1

https://security.netapp.com/advisory/ntap-20220826-0002/

https://www.npmjs.com/package/deep.assign

Related Vulnerabilities

CVE-2022-41940 Vulnerability in maven package org.webjars.bower:engine.io

CVE-2022-43416 Vulnerability in maven package org.jenkins-ci.plugins:katalon

CVE-2021-32860 Vulnerability in maven package org.webjars.npm:izimodal

CVE-2022-41854 Vulnerability in maven package org.yaml:snakeyaml

CVE-2018-3713 Vulnerability in npm package angular-http-server

Severity

Critical

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory Product