CVE-2019-10746 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2019-10746 Interim 1 4 2025-02-17T02:08:37Z current 2023-10-31T00:46:37Z 2025-02-17T02:08:37Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2019-10746 mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 nodejs-12.20.1-1.module+el8.3.0+9503+19cb079c nodejs-devel-12.20.1-1.module+el8.3.0+9503+19cb079c nodejs-docs-12.20.1-1.module+el8.3.0+9503+19cb079c nodejs-full-i18n-12.20.1-1.module+el8.3.0+9503+19cb079c nodejs-nodemon-2.0.3-1.module+el8.3.0+9715+1718613f nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45 npm-6.14.10-1.12.20.1.1.module+el8.3.0+9503+19cb079c nodejs-12.20.1-1.module+el8.3.0+9503+19cb079c as a component of SUSE Liberty Linux 8 nodejs-devel-12.20.1-1.module+el8.3.0+9503+19cb079c as a component of SUSE Liberty Linux 8 nodejs-docs-12.20.1-1.module+el8.3.0+9503+19cb079c as a component of SUSE Liberty Linux 8 nodejs-full-i18n-12.20.1-1.module+el8.3.0+9503+19cb079c as a component of SUSE Liberty Linux 8 nodejs-nodemon-2.0.3-1.module+el8.3.0+9715+1718613f as a component of SUSE Liberty Linux 8 nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45 as a component of SUSE Liberty Linux 8 npm-6.14.10-1.12.20.1.1.module+el8.3.0+9503+19cb079c as a component of SUSE Liberty Linux 8 mixin-deep is vulnerable to Prototype Pollution in versions before 1.3.2 and version 2.0.0. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. CVE-2019-10746 SUSE Liberty Linux 8:nodejs-12.20.1-1.module+el8.3.0+9503+19cb079c SUSE Liberty Linux 8:nodejs-devel-12.20.1-1.module+el8.3.0+9503+19cb079c SUSE Liberty Linux 8:nodejs-docs-12.20.1-1.module+el8.3.0+9503+19cb079c SUSE Liberty Linux 8:nodejs-full-i18n-12.20.1-1.module+el8.3.0+9503+19cb079c SUSE Liberty Linux 8:nodejs-nodemon-2.0.3-1.module+el8.3.0+9715+1718613f SUSE Liberty Linux 8:nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45 SUSE Liberty Linux 8:npm-6.14.10-1.12.20.1.1.module+el8.3.0+9503+19cb079c critical 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H