Home > Vulnerability Database > WS-2019-0216

Mend.io Vulnerability Database

WS-2019-0216

Good to know:

Date: June 23, 2019

deeplyversions before 3.1.0 has a Prototype Pollution vulnerability when failing to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.

Language: JS

Severity Score

5.5

Related Resources (2)

Url: https://github.com/alexindigo/deeply/commit/6eccb2f03ec8d3eefc6805053c4cc2a36aab1505

Url: https://www.mend.io/vulnerability-database/WS-2019-0216

Severity Score

5.5

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version 3.1.0

Learn More

CVSS v3.1

Base Score:	5.5
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

WS-2019-0216

Good to know:

Date: June 23, 2019

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?