You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
Prototype Pollution in extend
Moderate severity
GitHub Reviewed
Published
Feb 7, 2019
to the GitHub Advisory Database
•
Updated Jan 22, 2026
Versions of extend prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The extend() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
Recommendation
If you're using extend 3.x upgrade to 3.0.2 or later.
If you're using extend 2.x upgrade to 2.0.2 or later.
Versions of
extendprior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. Theextend()function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.Recommendation
If you're using
extend3.x upgrade to 3.0.2 or later.If you're using
extend2.x upgrade to 2.0.2 or later.References