Prototype Pollution in deep-extend

critical severity GitHub Reviewed Published Oct 9, 2018 • Updated Sep 14, 2021

Package

deep-extend (npm)

Affected versions

< 0.5.1

Patched versions

0.5.1

Description

Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution.

Recommendation

Update to version 0.5.1 or later.

CVE ID

CVE-2018-3750

CVSS Score

9.8 Critical
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H