mixin-deep 1.3.0
Prototype Pollution in mixin-deep
critical severity CVE-2019-10746< 1.3.2
Versions of mixin-deep prior to 2.0.1 or 1.3.2 are vulnerable to Prototype Pollution. The mixinDeep function fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, causing the addition or modification of an existing property on all objects.
Recommendation
If you are using mixin-deep 2.x, upgrade to version 2.0.1 or later.
If you are using mixin-deep 1.x, upgrade to version 1.3.2 or later.
Prototype Pollution in mixin-deep
low severity CVE-2018-3719< 1.3.1
Versions of mixin-deep before 1.3.1 are vulnerable to prototype pollution via merging functions.
Recommendation
Update to version 1.3.1 or later.
Author did not declare license for this package in the source code.
This package version has a MIT license in the source code, however it was not declared in the source code.
This package version is available.
This package version has not been yanked and is still available for usage.