Home > Vulnerability Database > WS-2021-0379

Mend.io Vulnerability Database

WS-2021-0379

Good to know:

Date: August 19, 2025

In Node.js mixme, prior to v0.5.2,When copying properties from a source object to a target object, the target object can gain access to certain properties of the source object and modify their content.

Language: COFFEE_SCRIPT

Severity Score

7.5

Related Resources (7)

Url: https://github.com/adaltas/node-mixme/issues/1

Url: https://github.com/adaltas/node-mixme/issues/2

Url: https://github.com/adaltas/node-mixme/commit/db70fe9bcbba451e9f8bd794a9fa7cdfa00125ad

Url: https://github.com/adaltas/node-mixme/security/advisories/GHSA-84p7-fh9c-6g8h

Url: https://github.com/advisories/GHSA-79jw-6wg7-r9g4

Url: https://github.com/adaltas/node-mixme

Url: https://www.mend.io/vulnerability-database/WS-2021-0379

Severity Score

7.5

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2021-0379

Good to know:

Date: August 19, 2025

Language: COFFEE_SCRIPT

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?