Prototype Pollution in async merge-object

🗓️ 18 Sep 2018 13:24:47Reported by GitHub Advisory DatabaseType

Prototype Pollution in merge-object node modul

Reporter	Title	Published	Views	Family All 8
CVE	CVE-2018-3753	3 Jul 201821:29	–	cve
Hacker One	Node.js third-party modules: Prototype pollution attack (merge-objects)	31 Jan 201802:41	–	hackerone
Cvelist	CVE-2018-3753	3 Jul 201821:00	–	cvelist
OSV	CVE-2018-3753	3 Jul 201821:29	–	osv
OSV	Prototype Pollution in async merge-object	18 Sep 201813:47	–	osv
Veracode	Prototype Pollution	16 Apr 201802:25	–	veracode
Prion	Code injection	3 Jul 201821:29	–	prion
NVD	CVE-2018-3753	3 Jul 201821:29	–	nvd

Vulners

Node

merge\-object_project merge\-objectRange≤1.0.0

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2018-3753
hackerone	www.hackerone.com/reports/310706
github	www.github.com/advisories/GHSA-fp82-2h99-3fpp

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

18 Sep 2018 13:47Current

5Medium risk

Vulners AI Score5

CVSS27.5

CVSS39.8

EPSS0.00375