vulnerability
Oracle Linux: CVE-2019-10747: ELSA-2021-0549: nodejs:12 security update (MODERATE) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:H/Au:S/C:P/I:P/A:N) | Jun 20, 2019 | Feb 20, 2021 | Jan 8, 2025 |
Severity
4
CVSS
(AV:N/AC:H/Au:S/C:P/I:P/A:N)
Published
Jun 20, 2019
Added
Feb 20, 2021
Modified
Jan 8, 2025
Description
set-value is vulnerable to Prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads.
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. The highest threat from this vulnerability is to data confidentiality and integrity.
A flaw was found in nodejs-set-value. The function mixin-deep can be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype, or _proto_ payloads. The highest threat from this vulnerability is to data confidentiality and integrity.
Solution(s)
oracle-linux-upgrade-nodejsoracle-linux-upgrade-nodejs-develoracle-linux-upgrade-nodejs-docsoracle-linux-upgrade-nodejs-full-i18noracle-linux-upgrade-nodejs-nodemonoracle-linux-upgrade-nodejs-packagingoracle-linux-upgrade-npm
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.