You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
According to https://hackerone.com/reports/311333, deep-extend is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects.
Could you fix this as deep-extend is used in other packages such as https://github.com/dominictarr/rc
Thank you.
The text was updated successfully, but these errors were encountered:
lc3t35
changed the title
Fix
Fix prototype pollution vulnerability
Apr 21, 2018
According to https://hackerone.com/reports/311333, deep-extend is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of
Object
can be overwritten to add or modify existing property on all objects.Could you fix this as deep-extend is used in other packages such as https://github.com/dominictarr/rc
Thank you.
The text was updated successfully, but these errors were encountered: