QwikSec

Security Database

CVE

CWE

Training

CVE-2021-26707

Published: Jun 2, 2021

Modified: Aug 3, 2024

PUBLISHED

Description

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://www.npmjs.com/package/merge-deep

x_refsource_MISC

https://github.com/jonschlinkert/merge-deep/commit/11e5dd56de8a6aed0b1ed022089dbce6968d82a5

x_refsource_MISC

https://securitylab.github.com/advisories/GHSL-2020-160-merge-deep/

x_refsource_MISC

https://security.netapp.com/advisory/ntap-20210716-0008/

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.