deep-object-diff@1.0.1 vulnerabilities

Deep diffs two objects, including nested structures of arrays and objects, and return the difference.

latest version

1.1.9

latest non vulnerable version

1.1.9

first published

8 years ago

latest version published

2 years ago

licenses detected

ISC
>=0.0.1 <1.0.2

View deep-object-diff package health on Snyk Advisor (opens in a new tab)

Go back to all versions of this package

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the deep-object-diff package. This does not include vulnerabilities belonging to this package’s dependencies.

How to fix?

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability Vulnerable Version

Vulnerability	Vulnerable Version
M Prototype Pollution deep-object-diff is a Deep diffs two objects, including nested structures of arrays and objects, and return the difference. Affected versions of this package are vulnerable to Prototype Pollution which allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited. How to fix Prototype Pollution? Upgrade `deep-object-diff` to version 1.1.9 or higher.	<1.1.9

Prototype Pollution

deep-object-diff is a Deep diffs two objects, including nested structures of arrays and objects, and return the difference.

Affected versions of this package are vulnerable to Prototype Pollution which allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited.

How to fix Prototype Pollution?

Upgrade deep-object-diff to version 1.1.9 or higher.

<1.1.9

Go back to all versions of this package