CVE-2023-2972: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

May 30, 2023 (updated June 2, 2023)

Prototype Pollution in GitHub repository antfu/utils prior to 0.7.3.

References

github.com/advisories/GHSA-p2fh-2h23-6grg
github.com/antfu/utils/commit/7f8b16c6181c988bdb96613fbb2533b345f68682
huntr.dev/bounties/009f1cd9-401c-49a7-bd08-be35cff6faef
nvd.nist.gov/vuln/detail/CVE-2023-2972

Code Behaviors & Features

Detect and mitigate CVE-2023-2972 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →