extend2@1.0.0 vulnerabilities
Port of jQuery.extend for node.js and the browser
-
latest version
1.0.1
-
latest non vulnerable version
-
first published
7 years ago
-
latest version published
2 years ago
-
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the extend2 package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.Vulnerability | Vulnerable Version |
---|---|
extend2 is a forked from node-extend, the difference is overriding array as primitive when deep clone. Affected versions of this package are vulnerable to Prototype Pollution via the POC:
How to fix Prototype Pollution? Upgrade |
<1.0.1
|