Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Node.js third-party modules: Prototype pollution attack (lodash)

🗓️ 11 Oct 2019 12:20:06Reported by posixType 
hackerone
 hackerone🔗 hackerone.com👁 43 Views

Prototype pollution vulnerability in lodash npm module allows injection of properties on Object.prototype. Functions merge, mergeWith, and defaultsDeep can be exploited to modify properties. Impact includes server crash and remote code execution possibilities

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Related
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Security Vulnerabilities affect IBM Cloud Pak for Data - Node.js (CVE-2020-8203)
1 Oct 202021:23
ibm
IBM Security Bulletins		Security Bulletin: CVE-2020-8203
8 Jul 202219:00
ibm
IBM Security Bulletins		Security Bulletin: CVE-2020-8203
8 Jul 202218:57
ibm
IBM Security Bulletins		Security Bulletin: A vulnerability in JavaScript affects IBM License Metric Tool v9 (CVE-2020-8203).
16 Dec 202008:03
ibm
IBM Security Bulletins		Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
27 Mar 202317:21
ibm
IBM Security Bulletins		Security Bulletin: IBM InfoSphere Information Server is affected by multiple vulnerabilities in Node.js lodash module
29 Nov 202301:44
ibm
IBM Security Bulletins		Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
24 Apr 202314:55
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in Lodash affects IBM Process Mining (Multiple CVEs)
1 Feb 202321:43
ibm
IBM Security Bulletins		Security Bulletin: Vulnerabilities found in Turf.js which is shipped with IBM® Intelligent Operations Center [CVE-2020-28500, CVE-2020-8203, CVE-2019-1010266, CVE-2019-10744, CVE-2021-23337 and CVE-2018-16487]
7 Sep 202310:42
ibm
IBM Security Bulletins		Security Bulletin: IBM Engineering Workflow Management (EWM) vulnerabilities CVE-2020-28500, CVE-2021-23337, CVE-2020-8203
24 Apr 202315:01
ibm
Rows per page

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
11 Oct 2019 12:06Current
0.6Low risk
Vulners AI Score0.6
EPSS0.02439
lodashprototype pollutionvulnerabilityinjectionobject prototypemergemergewithdefaultsdeepserver crashremote code execution
43
.json
Report