-
CVSS Score
-Basic Information
CVE ID
-
GHSA ID
-
EPSS Score
-
CWE
-
Published
-
Updated
-
KEV Status
-
Technology
-
Technical Details
Vulnerability Intelligence
Miggo AI
Miggo AIMiggo AIMiggo AIRoot Cause AnalysisThe vulnerability manifests in the core deepAssign function that handles object merging. The provided PoC shows direct exploitation through this function, and prototype pollution vulnerabilities typically occur in recursive merge functions that don't filter special properties like proto. The function's purpose of deep assignment aligns with the vulnerability pattern, and the absence of any mentioned alternative functions in available documentation supports this conclusion.
| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| deep.assign | npm | = 0.0.0-alpha.0 |
JavaScriptJavaScriptKEV Misses 88% of Exploited CVEs- Get the report