5 matches found
CVE-2017-16489
This CVE entry is rejected and not used; it does not represent an active vulnerability.
CVE-2017-16489
...
@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)
just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
CVE-2018-16489
CVE-2018-16489 is a prototype pollution vulnerability in the Node.js module just-extend, affecting versions before 4.0.0. An attacker can inject properties onto Object.prototype via the module’s functions, enabling an attacker to alter object properties globally and potentially cause denial of se...