CVE-2022-24279: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

April 15, 2022 (updated April 25, 2022)

The package madlib-object-utils before 0.1.8 is vulnerable to Prototype Pollution via the setValue method, as it allows an attacker to merge object prototypes into it. Note, This vulnerability derives from an incomplete fix of CVE-2020-7701

References

github.com/Qwerios/madlib-object-utils/commit/8d5d54c11c8fb9a7980a99778329acd13e3ef98f
nvd.nist.gov/vuln/detail/CVE-2022-24279
snyk.io/vuln/SNYK-JS-MADLIBOBJECTUTILS-2388572

Code Behaviors & Features

Detect and mitigate CVE-2022-24279 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →