Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution
Vulnerability Description
This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn mixes objects into the target object, recursively mixing existing child objects as well. In both cases, the key used to access the target object recursively is not checked, leading to exploiting this vulnerability. **Note:** This vulnerability derives from an incomplete fix of [CVE-2020-7792](https://security.snyk.io/vuln/SNYK-JS-MOUT-1014544).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
N/A
Vulnerability Title
Mout 安全漏洞
Vulnerability Description
Mout是Mout团队的一个基于Javascript的为JS编程提供模块支持的代码库。 Mout存在安全漏洞,该漏洞源于在deepFillIn函数用于“fill missing properties recursively”,同时deepMixIn将对象混合到目标对象中,同时递归地混合现有的子对象时,不会检查用于递归访问目标对象的密钥。
CVSS Information
N/A
Vulnerability Type
N/A