MGASA-2020-0230

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2019-10747

Published: 27 May 2020, 00:46

Last modified:16 Apr 2026, 04:43

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

27 May 2020, 00:46

Published

Vulnerability first disclosed

16 Apr 2026, 04:43

Last Modified

Vulnerability information updated

Description

Updated nodejs-set-value packages fix security vulnerability Updated nodejs-set-value package fixes security vulnerability: A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and _proto_ payloads (CVE-2019-10747).

Affected Systems

mageia•nodejs-set-value
< 3.0.2-1.mga7

References (3)

https://advisories.mageia.org/MGASA-2020-0230.html
https://bugs.mageia.org/show_bug.cgi?id=26227
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/3EJ36KV6MXQPUYTFCCTDY54E5Y7QP3AV/