Vulnerabilities > CVE-2021-23329 - Unspecified vulnerability in Getadigital Nested-Object-Assign

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

getadigital

NVD

Published: 2021-01-31

Updated: 2024-11-21

Summary

The package nested-object-assign before 1.0.4 are vulnerable to Prototype Pollution via the default function, as demonstrated by running the PoC below.

Vulnerable Configurations

Part	Description	Count
Application	Getadigital Getadigital Nested Object Assign - Getadigital Nested Object Assign 1.0.0 Getadigital Nested Object Assign 1.0.1 Getadigital Nested Object Assign 1.0.2 Getadigital Nested Object Assign 1.0.3	5

References

https://github.com/Geta/NestedObjectAssign/pull/11
https://github.com/Geta/NestedObjectAssign/pull/11
https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977
https://snyk.io/vuln/SNYK-JS-NESTEDOBJECTASSIGN-1065977