Le 20/07/2019 à 06:32, Paolo Greppi a écrit : > Package: node-mixin-deep > Version: 1.1.3-3 > Severity: important > > Dear Maintainer, > > node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability: > https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 > https://github.com/jonschlinkert/mixin-deep/issues/6 > > Please upgrade to either 1.3.2 or 2.0.1. > > Thanks, Paolo
Looking at upstream issue comment, this issue has been already reported by DSA and fixed (#898315, CVE-2018-3719) See https://salsa.debian.org/js-team/node-mixin-deep/blob/master/debian/patches/CVE-2018-3719.diff