2 matches found
angular-rome (>=0.2.4 <=0.2.9), api-gate (>=0.0.8 <=0.0.14) +74 more potentially affected by CVE-2018-16487 +1 more via lodash._basemerge (>=2.0.0 <=2.4.1)
lodash.basemerge NPM version =2.0.0, =0.2.4, =0.0.8, =0.1.2, =0.5.0, =0.0.3, =0.0.2, =0.0.0, =0.1.3, =0.0.0, =0.0.1, =0.0.1, =0.0.1, =1.0.18, =1.1.16 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory: SNYK:JS-LODASHBASEMERGE-450200...
Prototype Pollution
Overview lodash.basemerge is a The internal Lo-Dash function baseMerge as a Node.js module generated by lodash-cli. Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allow modification of the Object prototype. If an attacker can control part of the...