This affects the package open-graph before 0.2.6. The function parse could be tricked into adding or modifying properties of Object.prototype using a __proto__ or constructor payload.
Metrics
Affected Vendors & Products
References
History
No history.

Status: PUBLISHED
Assigner: snyk
Published: 2021-08-08T07:30:12.077212Z
Updated: 2024-09-16T18:39:41.932Z
Reserved: 2021-01-08T00:00:00
Link: CVE-2021-23419

No data.

Status : Modified
Published: 2021-08-08T08:15:06.150
Modified: 2024-11-21T05:51:43.487
Link: CVE-2021-23419

No data.