Vulnerability Details CVE-2021-40663
deep.assign npm package 0.0.0-alpha.0 is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution').
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 34.0%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://github.com/janbialostok/deep-assign/issues/1
- https://security.netapp.com/advisory/ntap-20220826-0002/
- https://www.npmjs.com/package/deep.assign
- https://github.com/janbialostok/deep-assign/issues/1
- https://security.netapp.com/advisory/ntap-20220826-0002/
- https://www.npmjs.com/package/deep.assign
Products affected by CVE-2021-40663
-
cpe:2.3:a:deep.assign_project:deep.assign:0.0.0