[Pkg-javascript-devel] Bug#932500: vulnerability: prototype pollution
Paolo Greppi
paolo.greppi at libpf.com
Sat Jul 20 05:32:19 BST 2019
Package: node-mixin-deep
Version: 1.1.3-3
Severity: important
Dear Maintainer,
node-mixin-deep 1.1.3-3 is affected by a prototype pollution vulnerability:
https://snyk.io/vuln/SNYK-JS-MIXINDEEP-450212
https://github.com/jonschlinkert/mixin-deep/issues/6
Please upgrade to either 1.3.2 or 2.0.1.
Thanks, Paolo
-- System Information:
Debian Release: 10.0
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-5-amd64 (SMP w/12 CPU cores)
Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8), LANGUAGE= (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages node-mixin-deep depends on:
ii node-for-in 1.0.2-1
ii node-is-extendable 1.0.1-1
ii nodejs 10.15.2~dfsg-2
node-mixin-deep recommends no packages.
node-mixin-deep suggests no packages.
-- no debconf information
More information about the Pkg-javascript-devel
mailing list