Description
This affects all versions of package x-assign. The global proto object can be polluted using the __proto__ object.
References
https://runkit.com/embed/sq8qjwemyn8t
Third Party AdvisoryURL Repurposed
https://snyk.io/vuln/SNYK-JS-XASSIGN-1759314
ExploitThird Party Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 · Critical
CVSS V3.1
CVSS V3.0
CVSS V2.0
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-10-20T13:15:07.537
3 years agoLast modified
2024-02-14T01:17:43.863
1 year ago