deep-defaults@1.0.0 vulnerabilities

Recursive version of _.defaults

  • latest version

    1.0.5

  • first published

    10 years ago

  • latest version published

    6 years ago

  • deprecated

    Package is deprecated

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the deep-defaults package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • C
    Prototype Pollution

    deep-defaults is a Recursive version of _.defaults

    Affected versions of this package are vulnerable to Prototype Pollution due to the _deepDefaults function. An attacker can cause a denial of service and may lead to remote code execution by supplying a malicious value that includes the __proto__ property, leading to the pollution of the Object prototype. This flaw allows for the creation of non-existent properties or manipulation of existing ones, which can disrupt service or potentially allow for arbitrary code execution.

    How to fix Prototype Pollution?

    There is no fixed version for deep-defaults.

    *