Severity: moderate

Prototype Pollution

just-extend

Overview

Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects.

Remediation

Update to version 4.0.0 or later.

Resources

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory Published
    Feb 6th, 2019
  2. reported

    Feb 6th, 2019