Lucene search
GoogleOSV:CVE-2018-3722HistoryJun 07, 2018 - 2:29 a.m.
CVE-2018-3722
2018-06-0702:29:08
Google
osv.dev
4
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of “Object” via proto, causing the addition or modification of an existing property that will exist on all objects.
| CPE | Name | Operator | Version |
|---|---|---|---|
| merge-deep | eq | 2.0.1 | |
| merge-deep | eq | 3.0.0 | |
| merge-deep | eq | 1.0.3 | |
| merge-deep | eq | 2.0.2 | |
| merge-deep | eq | 0.1.5 | |
| merge-deep | eq | 1.0.1 | |
| merge-deep | eq | 0.1.3 |
Related
nodejs
nodejs
Prototype Pollution
2018-04-24 14:34:57
cve
cve
CVE-2018-3722
2018-06-07 02:29:08
osv
osv
Prototype Pollution in merge-deep
2018-07-26 15:17:15
veracode
veracode
Prototype Pollution
2018-02-21 02:32:14
cvelist
cvelist
CVE-2018-3722
2018-04-26 00:00:00
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (merge-deep)
2018-01-31 02:54:40
prion
prion
Code injection
2018-06-07 02:29:00
nvd
nvd
CVE-2018-3722
2018-06-07 02:29:08
github
github
Prototype Pollution in merge-deep
2018-07-26 15:17:15