Lucene search

K
osvGoogleOSV:CVE-2018-3750
HistoryJul 03, 2018 - 9:29 p.m.

CVE-2018-3750

2018-07-0321:29:00
Google
osv.dev
12

AI Score

7

Confidence

Low

EPSS

0.003

Percentile

70.2%

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.