Vulnerable Package issue exists @ Npm-set-value-0.4.3 in branch master
set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.
Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 3f4864fd-127b-412c-8cca-4b4873ce2f29
Branch: master
Application: NodeGoat
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1321
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: PARTIAL
Availability impact: PARTIAL
References
Advisory
Commit
Commit
POC/Exploit
Advisory
Vulnerable Package issue exists @ Npm-set-value-0.4.3 in branch master
set-value is vulnerable to Prototype Pollution before 2.0.1 and 3.x before 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads.
Namespace: RobertMickleCx
Repository: NodeGoat
Repository Url: https://github.com/RobertMickleCx/NodeGoat
CxAST-Project: RobertMickleCx/NodeGoat
CxAST platform scan: 3f4864fd-127b-412c-8cca-4b4873ce2f29
Branch: master
Application: NodeGoat
Severity: HIGH
State: NOT_IGNORED
Status: RECURRENT
CWE: CWE-1321
Additional Info
Attack vector: NETWORK
Attack complexity: LOW
Confidentiality impact: PARTIAL
Availability impact: PARTIAL
References
Advisory
Commit
Commit
POC/Exploit
Advisory