Source: node-set-value Version: 0.4.0-1 Severity: important Tags: security upstream Control: found -1 3.0.0-1
Hi, The following vulnerability was published for node-set-value. CVE-2019-10747[0]: | set-value is vulnerable to Prototype Pollution in versions lower than | 3.0.1. The function mixin-deep could be tricked into adding or | modifying properties of Object.prototype using any of the constructor, | prototype and _proto_ payloads. If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry. For further information see: [0] https://security-tracker.debian.org/tracker/CVE-2019-10747 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10747 [1] https://snyk.io/vuln/SNYK-JS-SETVALUE-450213 Regards, Salvatore -- Pkg-javascript-devel mailing list Pkg-javascript-devel@alioth-lists.debian.net https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-javascript-devel
