Homepage
About Snyk

deobfuscator@2.4.0 vulnerabilities

multipurpose javascript transformer

Go back to all versions of this package
Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the deobfuscator package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Prototype Pollution

deobfuscator is a multipurpose javascript transformer

Affected versions of this package are vulnerable to Prototype Pollution in the LiteralMap transformer. An attacker can execute arbitrary code by providing crafted input to modify properties in the Object prototype.

Note

This is only exploitable if the node is launched without the [--disable-proto=delete][disable-proto] or [--disable-proto=throw][disable-proto] flags.

How to fix Prototype Pollution?

Upgrade deobfuscator to version 2.4.4 or higher.

>=2.0.1 <2.4.4
Go back to all versions of this package