CVE-2021-23402

HIGH

record-like-deep-assign - Prototype Pollution via Main Functionality

Title source: llm

All versions of package record-like-deep-assign are vulnerable to Prototype Pollution via the main functionality.

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

Broken Link x_refsource_misc

CVSS v3 7.3

EPSS 0.0117

EPSS Percentile 63.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-1321

Status published

Products (2)

npm/record-like-deep-assign 0npm

record-like-deep-assign_project/record-like-deep-assign

Published Jul 02, 2021

Tracked Since Feb 18, 2026