Updated nodejs-set-value packages fix security vulnerability
Publication date: 27 May 2020Modification date: 27 May 2020
Type: security
Affected Mageia releases : 7
CVE: CVE-2019-10747
Description
Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads (CVE-2019-10747).
References
SRPMS
7/core
- nodejs-set-value-3.0.2-1.mga7