You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Prototype Pollution in angular
High severity
GitHub Reviewed
Published
Nov 20, 2019
to the GitHub Advisory Database
•
Updated Jan 27, 2023
Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge() does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.
Recommendation
Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.
Versions of
angular
prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API functionmerge()
does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.Recommendation
Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.
References