Vulnerability Description
mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mixin-Deep Project | Mixin-Deep | < 1.3.2 |
| Fedoraproject | Fedora | 30 |
| Oracle | Communications Cloud Native Core Network Function Cloud Native Environment | 1.4.0 |
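A dependency check for the affected range given in the description, as an added example that is not from the advisory or the mixin-deep project: it scans a parsed package-lock.json for mixin-deep versions before 1.3.2 or equal to 2.0.0. The function names and the sample lockfile are constructed for illustration.

```javascript
// Added example; function names and the sample lockfile are constructed.
const AFFECTED_PKG = "mixin-deep";
// Parse "MAJOR.MINOR.PATCH" into numbers, ignoring any pre-release suffix.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Affected per the description: anything before 1.3.2, plus exactly 2.0.0.
function isAffected(version) {
  const p = parseVersion(version);
  if (!p) return false; // not a plain version (e.g. a git URL); review by hand
  const [maj, min, pat] = p;
  if (maj === 2 && min === 0 && pat === 0) return true;
  return maj < 1 || (maj === 1 && (min < 3 || (min === 3 && pat < 2)));
}

// Return every installed copy of mixin-deep whose version is affected.
function findAffected(lock) {
  const hits = [];
  if (lock.packages) { // lockfileVersion 2/3: flat map keyed by install path
    for (const [path, meta] of Object.entries(lock.packages)) {
      if (path.endsWith("node_modules/" + AFFECTED_PKG) && isAffected(meta.version)) {
        hits.push({ path, version: meta.version });
      }
    }
    return hits;
  }
  // lockfileVersion 1: nested "dependencies" tree.
  const walk = (deps, trail) => {
    for (const [name, meta] of Object.entries(deps || {})) {
      const path = trail + "/" + name;
      if (name === AFFECTED_PKG && isAffected(meta.version)) hits.push({ path, version: meta.version });
      walk(meta.dependencies, path);
    }
  };
  walk(lock.dependencies, "");
  return hits;
}

// Constructed sample: three copies, two of them in the affected range.
const SAMPLE_LOCK = {
  lockfileVersion: 2,
  packages: {
    "node_modules/mixin-deep": { version: "1.3.1" },
    "node_modules/a/node_modules/mixin-deep": { version: "1.3.2" },
    "node_modules/b/node_modules/mixin-deep": { version: "2.0.0" },
  },
};
console.log(findAffected(SAMPLE_LOCK));
```

To audit a real project, pass `JSON.parse` of its package-lock.json to `findAffected`; nested copies pulled in by transitive dependencies are reported with their install path.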
Related Weaknesses (CWE)
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro
- https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212 (Exploit, Third Party Advisory)
- https://www.oracle.com//security-alerts/cpujul2021.html (Patch, Third Party Advisory)
FAQ
What is CVE-2019-10746?
CVE-2019-10746 is a vulnerability with a CVSS score of 9.8 (CRITICAL). mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a con...
How severe is CVE-2019-10746?
CVE-2019-10746 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2019-10746?
Check the references section above for vendor advisories and patch information. Affected products include: Mixin-Deep Project Mixin-Deep, Fedoraproject Fedora, Oracle Communications Cloud Native Core Network Function Cloud Native Environment.