CVE-2019-10750
Prototype Pollution in deeply
9.8
CRITICAL
CVSS 3.1
EPSS 0.43%
Description
Versions of `deeply` prior to 1.0.1 are vulnerable to Prototype Pollution. The package fails to validate which Object properties it updates. This allows attackers to modify the prototype of Object, so that a property is added or modified on all objects.
Recommendation
Upgrade to version 3.1.0 or later.
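The flaw class described above, as an added JavaScript illustration (not code from `deeply`; `naiveMerge`, `safeMerge` and `pollutesPrototype` are hypothetical names and the input is constructed): a recursive merge that follows every key, next to one that skips prototype-reaching keys, with a check that reports whether a merge altered `Object.prototype`.

```javascript
// Added illustration; not code from the `deeply` package.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Unguarded pattern: every key in `source` is followed, including `__proto__`,
// so target['__proto__'] resolves to Object.prototype and gets written to.
function naiveMerge(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Guarded pattern: own keys only, prototype-reaching keys skipped, and only
// the target's own properties are recursed into (never inherited ones).
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key) ? target[key] : undefined;
    target[key] = isPlainObject(value)
      ? safeMerge(isPlainObject(own) ? own : {}, value)
      : value;
  }
  return target;
}

// Regression check: merges constructed JSON input and reports whether a fresh
// object inherited the marker. Always cleans up Object.prototype afterwards.
function pollutesPrototype(mergeFn) {
  const marker = 'cve_check_marker'; // constructed property name
  const input = JSON.parse(`{"__proto__": {"${marker}": true}, "a": {"b": 1}}`);
  try {
    mergeFn({}, input);
    return ({})[marker] === true;
  } finally {
    delete Object.prototype[marker];
  }
}

console.log(pollutesPrototype(naiveMerge), pollutesPrototype(safeMerge)); // true false
```

A check like `pollutesPrototype` can be pointed at any merge or extend helper in a unit test to confirm that an upgrade or replacement actually closes the issue.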
How to fix CVE-2019-10750
To remediate CVE-2019-10750, upgrade the affected package to a fixed version below.
- Upgrade to 3.1.0 or later
Is CVE-2019-10750 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.1.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |