Skip to content

Prototype Pollution in deap

high severity GitHub Reviewed Published May 31, 2019 • Updated Aug 4, 2021

Package

npm deap (npm)

Affected versions

< 1.0.1

Patched versions

1.0.1

Description

Versions of deap before 1.0.1 are vulnerable to prototype pollution.

Recommendation

Update to version 1.0.1 or later.

References

GHSA ID

GHSA-xrmp-99wj-p6jc

CVSS Score

7.3 High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L