deep-object-diff@1.1.0 vulnerabilities

Deep diffs two objects, including nested structures of arrays and objects, and return the difference.

Direct Vulnerabilities

Known vulnerabilities in the deep-object-diff package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • M
Prototype Pollution

deep-object-diff is a Deep diffs two objects, including nested structures of arrays and objects, and return the difference.

Affected versions of this package are vulnerable to Prototype Pollution which allows an external attacker to edit or add new properties to an object. This is possible because the application does not properly validate incoming JSON keys, thus allowing the 'proto' property to be edited.

How to fix Prototype Pollution?

Upgrade deep-object-diff to version 1.1.9 or higher.

<1.1.9