CVE-2018-16486

A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

A prototype pollution vulnerability was found in defaults-deep <=0.2.4 that would allow a malicious user to inject properties onto Object.prototype.

All versions of `defaults-deep` are vulnerable to prototype pollution. Provided certain input `defaults-deep` can add or modify properties of the `Object` prototype. These properties will be present on all objects. ## Recommendation As no patch is currently available for this vulnerability it is our recommendation to select another module that can provide this functionality.

All versions of `defaults-deep` are vulnerable to prototype pollution. Provided certain input `defaults-deep` can add or modify properties of the `Object` prototype. These properties will be present on all objects. ## Recommendation As no patch is currently available for this vulnerability it is our recommendation to select another module that can provide this functionality.

Se ha detectado una vulnerabilidad de contaminación de prototipo en defaults-deep, en la versión 0.2.4 y anteriores, que podría permitir a un usuario malicioso inyectar propiedades en Object.prototype.