Lucene search
K

9 matches found

BDU FSTEC
BDU FSTEC
added 2022/08/31 12:0 a.m.16 views

The vulnerabilities of the merge, mergeWith, and defaultsDeep functions in the Lodash library allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.

The vulnerability of the merge, mergeWith, and defaultsDeep functions in the Lodash library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...

6.8CVSS6.1AI score0.01553EPSS
Exploits2References4Affected Software2
vulnersOsv
vulnersOsv
added 2020/09/03 6:6 p.m.14 views

@adamvr/mongration (>=1.0.1 <=1.1.1), @aemcloud/aemcloud-cli (>=0.1.1 <=0.10.8) +2146 more potentially affected by unknown CVE via lodash.merge (>=2.2.1 <=4.6.0)

lodash.merge NPM version =2.2.1, =1.0.1, =0.1.1, =0.70.1, =1.0.1, =2.2.3, =1.3.5, =1.2.2, =0.1.0-18, =1.0.0, =0.0.9, =4.0.0, =1.0.0, =1.0.0-dev-152fa896b5f3eb24fb8b97a28b89f0a83ea5da0f, =1.0.0-dev-a5e815fb69787bead6cfece07fba686b91ed3d3a and more Source cves: unknown CVE Source advisory:...

5.7AI score
Exploits0
OSV
OSV
added 2020/09/03 6:6 p.m.3 views

GHSA-2M96-9W4J-WGV7 Prototype Pollution in lodash.merge

Versions of lodash.merge before 4.6.1 are vulnerable to Prototype Pollution. The function 'merge' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendation Update to version...

5.9AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2020/09/03 6:4 p.m.6 views

@adamvr/mongration (>=1.0.1 <=1.1.1), @aemcloud/aemcloud-cli (>=0.1.1 <=0.10.8) +2282 more potentially affected by unknown CVE via lodash.merge (>=2.2.1 <=4.6.1)

lodash.merge NPM version =2.2.1, =1.0.1, =0.1.1, =0.70.1, =1.0.1, =2.2.3, =1.3.5, =1.2.2, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =0.0.9, =4.0.0, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H726-X36V-RX45...

5.7AI score
Exploits0
OSV
OSV
added 2020/09/03 6:4 p.m.3 views

GHSA-H726-X36V-RX45 Prototype Pollution in lodash.merge

Versions of lodash.merge before 4.6.2 are vulnerable to prototype pollution. The function merge may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...

5.9AI score
Exploits0References1
Snyk
Snyk
added 2018/08/31 6:21 p.m.6 views

Prototype Pollution

Overview lodash.merge is a Lodash method .merge exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an...

7.3CVSS6.9AI score0.02413EPSS
Exploits3References6
vulnersOsv
vulnersOsv
added 2018/08/31 6:21 p.m.5 views

@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-16487 +1 more via lodash.merge (>=4.0.1 <=4.6.1)

lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory:...

6.8CVSS6.4AI score0.02413EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2018/01/30 10:28 p.m.5 views

@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-3721 via lodash.merge (>=4.0.1 <=4.6.1)

lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHMERGE-173733...

6.5CVSS6.4AI score0.02413EPSS
Exploits2
Snyk
Snyk
added 2018/01/30 10:28 p.m.5 views

Prototype Pollution

Overview lodash.merge is a Lodash method .merge exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allow modification of the Object prototype. If an attacker can control part of the structure passed to this function, they...

6.5CVSS7.1AI score0.02413EPSS
Exploits2References6
Rows per page
Query Builder