Lucene search
K

44 matches found

OSV
OSV
added 2021/06/07 10:9 p.m.12 views

GHSA-R6RJ-9CH6-G264 Prototype pollution in Merge-deep

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.8CVSS7.2AI score0.01901EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2021/06/07 10:9 p.m.53 views

Prototype pollution in Merge-deep

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.8CVSS3AI score0.01901EPSS
Exploits0References6Affected Software1
OSV
OSV
added 2021/06/02 3:15 p.m.15 views

CVE-2021-26707

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.8CVSS6.7AI score
Exploits0References4
NVD
NVD
added 2021/06/02 3:15 p.m.31 views

CVE-2021-26707

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.8CVSS0.01901EPSS
Exploits0References4
Prion
Prion
added 2021/06/02 3:15 p.m.19 views

Code injection

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

7.5CVSS9.3AI score0.01901EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2021/06/02 2:24 p.m.83 views

CVE-2021-26707

The CVE-2021-26707 entry covers the merge-deep library for Node.js, which is vulnerable to prototype pollution in versions before 3.0.3. A specially crafted payload can overwrite or extend Object.prototype, causing the polluted properties to be inherited by all objects in the program. Documented ...

9.8CVSS9.3AI score0.01901EPSS
Exploits0References4Affected Software1
Cvelist
Cvelist
added 2021/06/02 2:24 p.m.36 views

CVE-2021-26707

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.7AI score0.01901EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2021/06/02 12:0 a.m.6 views

PT-2021-17103 · Unknown · Merge-Deep

Name of the Vulnerable Software and Affected Versions: merge-deep library versions prior to 3.0.3 Description: The issue allows an attacker to trick the library into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in t...

9.8CVSS9.3AI score0.01901EPSS
Exploits0References8
CNNVD
CNNVD
added 2021/06/02 12:0 a.m.7 views

merge-deep 安全漏洞

merge-deep is an open source tool . It is used to recursively merge values in JavaScript objects. A security vulnerability exists in merge-deep before 3.0.3, which stems from the fact that the merge-deep library may be spoofed to override attributes of Object, the merge-deep library may be spoofe...

9.8CVSS8.2AI score0.01901EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2021/02/08 8:29 a.m.21 views

CVE-2021-26707

The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...

9.8CVSS2.7AI score0.01901EPSS
Exploits0References4
vulnersOsv
vulnersOsv
added 2021/02/05 1:48 p.m.7 views

@glossgenius/eslint-config (>=1.0.2 <=1.0.7), @halonext/nestjs-express-cassandra (>=7.0.0 <=7.1.0) +7 more potentially affected by CVE-2021-26707 via merge-deep (>=3.0.0 <=3.0.2)

merge-deep NPM version =3.0.0, =1.0.2, =7.0.0, =5.2.0, =6.0.1, =0.0.1, =0.1.0, =0.0.11, =1.0.0, =1.2.4 Source cves: CVE-2021-26707 Source advisory: SNYK:JS-MERGEDEEP-1070277...

9.8CVSS7.2AI score0.01901EPSS
Exploits0
Snyk
Snyk
added 2021/02/05 1:48 p.m.5 views

Prototype Pollution

Overview merge-deep is a recursively merges values in a javascript object. Affected versions of this package are vulnerable to Prototype Pollution. Merge-deep actively attempts to prevent prototype pollution by blocking object property merges into proto, however it still allows for prototype...

9.8CVSS9AI score0.01901EPSS
Exploits0References2
Veracode
Veracode
added 2021/01/27 6:1 a.m.9 views

Prototype Pollution

merge-deep is vulnerable to prototype pollution attacks. An attacker is able to inject and overwrite arbitrary properties such as proto, constructor or prototype, resulting in privilege escalation, denial of service or potential arbitrary code execution...

5.2AI score
Exploits0
Snyk
Snyk
added 2020/03/07 11:36 a.m.8 views

Prototype Pollution

Overview utilitify is a the utilities for working with a collections such as objects, arrays and primitives such as numbers, strings, etc. Affected versions of this package are vulnerable to Prototype Pollution. The merge method could be tricked into adding or modifying properties of...

8.8CVSS6.7AI score0.02044EPSS
Exploits1References2
vulnersOsv
vulnersOsv
added 2018/07/26 3:17 p.m.6 views

@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +65 more potentially affected by CVE-2018-3722 via merge-deep (>=0.1.5 <=3.0.0)

merge-deep NPM version =0.1.5, =0.1.0, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.1.1, =1.0.0, =1.0.2 and more Source cves: CVE-2018-3722 Source advisory: OSV:GHSA-9G9W-HMVJ-5H57...

8.8CVSS7.2AI score0.02036EPSS
Exploits1
OSV
OSV
added 2018/07/26 3:17 p.m.2 views

GHSA-9G9W-HMVJ-5H57 Prototype Pollution in merge-deep

Versions of merge-deep before 3.0.1 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 3.0.1 or later...

8.8CVSS5.9AI score0.02036EPSS
Exploits1References5
Github Security Blog
Github Security Blog
added 2018/07/26 3:17 p.m.25 views

Prototype Pollution in merge-deep

Versions of merge-deep before 3.0.1 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 3.0.1 or later...

8.8CVSS5.2AI score0.02036EPSS
Exploits1References5Affected Software1
NVD
NVD
added 2018/06/07 2:29 a.m.18 views

CVE-2018-3722

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

8.8CVSS8.6AI score0.02036EPSS
Exploits1References2
Prion
Prion
added 2018/06/07 2:29 a.m.10 views

Code injection

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

6.5CVSS8.5AI score0.02036EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2018/06/07 2:0 a.m.48 views

CVE-2018-3722

The CVE-2018-3722 entry concerns the merge-deep npm module, specifically versions before 3.0.1. A MAID/prototype-pollution flaw via proto enables an attacker to modify the prototype of Object, potentially adding or altering properties that exist on all objects. This can lead to server instability...

8.8CVSS8.5AI score0.02036EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder