CVE-2018-3719

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Versions of `mixin-deep` before 1.3.1 are vulnerable to prototype pollution via merging functions. ## Recommendation Update to version 1.3.1 or later.

Versions of `mixin-deep` before 1.3.1 are vulnerable to prototype pollution via merging functions. ## Recommendation Update to version 1.3.1 or later.

El módulo de node mixin-deep en versiones anteriores a la 1.3.1 se ve afectada por una vulnerabilidad MAID (modificación de datos asumidos como asumible), lo que permite que un usuario malicioso modifique el prototipo de "Object" mediante __proto__, provocando la adición o modificación de una propiedad existente que va a existir en todos los objetos.