← volver
CVE-2021-23568

Prototype Pollution

CVSS 7.3 HIGHEPSS 1.5%
The package extend2 before 1.0.1 are vulnerable to Prototype Pollution via the extend function due to unsafe recursive merge.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P
Productos afectados
n/a · extend2

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/eggjs/extend2/blob/master/index.js%23L50-L60https://github.com/eggjs/extend2/commit/aa332a59116c8398976434b57ea477c6823054f8https://github.com/eggjs/extend2/pull/2https://snyk.io/vuln/SNYK-JS-EXTEND2-2320315