CVE-2019-10808: Improper Input Validation

March 11, 2020 (updated March 13, 2020)

utilitify allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.

References

nvd.nist.gov/vuln/detail/CVE-2019-10808

Code Behaviors & Features

Detect and mitigate CVE-2019-10808 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →