Vulnerability Details CVE-2019-10746
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/
- https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
- https://www.oracle.com//security-alerts/cpujul2021.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFNIVG2XYFPZJY3DYYBJASZ7ZMKBMIJT/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UXRA365KZCUNXMU3KDH5JN5BEPNIGUKC/
- https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
- https://www.oracle.com//security-alerts/cpujul2021.html
Products affected by CVE-2019-10746
-
cpe:2.3:a:mixin-deep_project:mixin-deep:0.1.0
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.0.0
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.0.1
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.1.0
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.1.1
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.1.2
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.1.3
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.2.0
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.3.0
-
cpe:2.3:a:mixin-deep_project:mixin-deep:1.3.1
-
cpe:2.3:a:mixin-deep_project:mixin-deep:2.0.0
-
Oracle » Communications Cloud Native Core Network Function Cloud Native Environment » Version: 1.4.0cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.4.0
-
cpe:2.3:o:fedoraproject:fedora:30
-
cpe:2.3:o:fedoraproject:fedora:31