assign-deep@0.3.0 vulnerabilities
Deeply assign the values of all enumerable-own-properties and symbols from one or more source objects to a target object. Returns the target object.
latest version
1.0.1
latest non vulnerable version
first published
9 years ago
latest version published
5 years ago
licenses detected
- >=0
Direct Vulnerabilities
Known vulnerabilities in the assign-deep package. This does not include vulnerabilities belonging to this package’s dependencies.
How to fix?
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free| Vulnerability | Vulnerable Version |
|---|---|
assign-deep is a library for deeply assigning the values of all enumerable-own-properties and symbols from one or more source objects to a target object. Affected versions of this package are vulnerable to Prototype Pollution. The function How to fix Prototype Pollution? Upgrade | >=1.0.0 <1.0.1<0.4.8 |
assign-deep is a library for deeply assigning the values of all enumerable-own-properties and symbols from one or more source objects to a target object. Affected versions of this package are vulnerable to Prototype Pollution
via merging functions. These functions allows a malicious user to modify the prototype of How to fix Prototype Pollution? Upgrade | <0.4.7 |