What the vulnerability does

01Description

Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.

Key dates

02Disclosure timeline

April 3, 2020 CVE published
August 4, 2024 Record updated