CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31106

Underscore.deep is a collection of Underscore mixins that operate on nested objects. Versions of `underscore.deep` prior to version 0.5.3 are vulnerable to a prototype pollution vulnerability. An attacker can craft a malicious payload and pass it to `deepFromFlat`, which would pollute any future Objects created. Any users that have `deepFromFlat` or `deepPick` (due to its dependency on `deepFromFlat`) in their code should upgrade to version 0.5.3 as soon as possible. Users unable to upgrade may mitigate this issue by modifying `deepFromFlat` to prevent specific keywords which will prevent this from happening.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 56.4%

CVSS Severity

CVSS v3 Score 8.3

CVSS v2 Score 7.5

References

Products affected by CVE-2022-31106

Clever » Underscore.deep » Version: 0.0.1

cpe:2.3:a:clever:underscore.deep:0.0.1
Clever » Underscore.deep » Version: 0.0.2

cpe:2.3:a:clever:underscore.deep:0.0.2
Clever » Underscore.deep » Version: 0.0.3

cpe:2.3:a:clever:underscore.deep:0.0.3
Clever » Underscore.deep » Version: 0.0.4

cpe:2.3:a:clever:underscore.deep:0.0.4
Clever » Underscore.deep » Version: 0.0.5

cpe:2.3:a:clever:underscore.deep:0.0.5
Clever » Underscore.deep » Version: 0.1.0

cpe:2.3:a:clever:underscore.deep:0.1.0
Clever » Underscore.deep » Version: 0.2.0

cpe:2.3:a:clever:underscore.deep:0.2.0
Clever » Underscore.deep » Version: 0.3.0

cpe:2.3:a:clever:underscore.deep:0.3.0
Clever » Underscore.deep » Version: 0.4.0

cpe:2.3:a:clever:underscore.deep:0.4.0
Clever » Underscore.deep » Version: 0.5.0

cpe:2.3:a:clever:underscore.deep:0.5.0
Clever » Underscore.deep » Version: 0.5.1

cpe:2.3:a:clever:underscore.deep:0.5.1
Clever » Underscore.deep » Version: 0.5.2

cpe:2.3:a:clever:underscore.deep:0.5.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-31106

Products

Pricing

Contact Us