Advisories ยป MGASA-2020-0230

Updated nodejs-set-value packages fix security vulnerability

Publication date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10747

Description

Updated nodejs-set-value package fixes security vulnerability:

A vulnerability was found in NOdejs set-value, where set-value is
vulnerable to prototype Pollution in versions lower than 3.0.1.
The function mixin-deep could be tricked into adding or modifying
properties of Object.prototype using any of the constructor,
prototype and _proto_ payloads (CVE-2019-10747).
                

References

SRPMS

7/core