deep-defaults@1.0.2 vulnerabilities

Recursive version of _.defaults

Direct Vulnerabilities

Known vulnerabilities in the deep-defaults package. This does not include vulnerabilities belonging to this package’s dependencies.

Vulnerability Vulnerable Version
  • C
Prototype Pollution

deep-defaults is a recursive version of _.defaults.

Affected versions of this package are vulnerable to Prototype Pollution in the _deepDefaults function. By supplying a malicious value that includes the __proto__ property, an attacker can pollute the Object prototype, which can cause a denial of service and may lead to remote code execution. The flaw allows the creation of previously non-existent properties or the manipulation of existing ones, which can disrupt service or potentially allow arbitrary code execution.

How to fix Prototype Pollution?

There is no fixed version for deep-defaults.
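
With no fixed release available, one mitigation is to replace the call with a recursive defaults helper that refuses prototype-related keys. The following is an added example, not code from deep-defaults or from this advisory; the names safeDeepDefaults, isPlainObject and runCheck and the blocked-key list are assumptions, and the sample input is constructed.

```javascript
// Keys that can reach or replace a prototype; never copied or recursed into.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// True only for objects whose prototype is Object.prototype or null.
function isPlainObject(value) {
  if (value === null || typeof value !== 'object') return false;
  const proto = Object.getPrototypeOf(value);
  return proto === Object.prototype || proto === null;
}

// Hypothetical helper: fills keys missing from `dest` with values from `src`,
// recursing into nested plain objects. Existing values in `dest` win.
function safeDeepDefaults(dest, src) {
  if (!isPlainObject(dest) || !isPlainObject(src)) return dest;
  for (const key of Object.keys(src)) {            // own enumerable keys only
    if (BLOCKED_KEYS.has(key)) continue;           // drop prototype-related keys
    const hasOwn = Object.prototype.hasOwnProperty.call(dest, key);
    if (!hasOwn) {
      // Copy nested objects instead of aliasing them, filtering as we go.
      dest[key] = isPlainObject(src[key])
        ? safeDeepDefaults({}, src[key])
        : src[key];
    } else if (isPlainObject(dest[key]) && isPlainObject(src[key])) {
      safeDeepDefaults(dest[key], src[key]);
    }
  }
  return dest;
}

// Constructed sample input. JSON.parse creates "__proto__" as an own key,
// which is how such a value typically arrives in untrusted data.
function runCheck() {
  const untrusted = JSON.parse(
    '{"__proto__": {"polluted": true}, "db": {"port": 5432, "__proto__": {"x": 1}}}'
  );
  const merged = safeDeepDefaults({ db: { host: 'localhost' } }, untrusted);
  // A fresh object must not have inherited anything from the input.
  return { merged, polluted: ({}).polluted, nested: ({}).x };
}
```

Running runCheck() in a unit test alongside any merge helper that handles untrusted input gives a regression check that Object.prototype stays unmodified.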
