44 matches found
GHSA-R6RJ-9CH6-G264 Prototype pollution in Merge-deep
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Prototype pollution in Merge-deep
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Code injection
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The CVE-2021-26707 entry covers the merge-deep library for Node.js, which is vulnerable to prototype pollution in versions before 3.0.3. A specially crafted payload can overwrite or extend Object.prototype, causing the polluted properties to be inherited by all objects in the program. Documented ...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
PT-2021-17103 · Unknown · Merge-Deep
Name of the Vulnerable Software and Affected Versions: merge-deep library versions prior to 3.0.3 Description: The issue allows an attacker to trick the library into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in t...
merge-deep 安全漏洞
merge-deep is an open source tool . It is used to recursively merge values in JavaScript objects. A security vulnerability exists in merge-deep before 3.0.3, which stems from the fact that the merge-deep library may be spoofed to override attributes of Object, the merge-deep library may be spoofe...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
@glossgenius/eslint-config (>=1.0.2 <=1.0.7), @halonext/nestjs-express-cassandra (>=7.0.0 <=7.1.0) +7 more potentially affected by CVE-2021-26707 via merge-deep (>=3.0.0 <=3.0.2)
merge-deep NPM version =3.0.0, =1.0.2, =7.0.0, =5.2.0, =6.0.1, =0.0.1, =0.1.0, =0.0.11, =1.0.0, =1.2.4 Source cves: CVE-2021-26707 Source advisory: SNYK:JS-MERGEDEEP-1070277...
Prototype Pollution
Overview merge-deep is a recursively merges values in a javascript object. Affected versions of this package are vulnerable to Prototype Pollution. Merge-deep actively attempts to prevent prototype pollution by blocking object property merges into proto, however it still allows for prototype...
Prototype Pollution
merge-deep is vulnerable to prototype pollution attacks. An attacker is able to inject and overwrite arbitrary properties such as proto, constructor or prototype, resulting in privilege escalation, denial of service or potential arbitrary code execution...
Prototype Pollution
Overview utilitify is a the utilities for working with a collections such as objects, arrays and primitives such as numbers, strings, etc. Affected versions of this package are vulnerable to Prototype Pollution. The merge method could be tricked into adding or modifying properties of...
@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +65 more potentially affected by CVE-2018-3722 via merge-deep (>=0.1.5 <=3.0.0)
merge-deep NPM version =0.1.5, =0.1.0, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.1.1, =1.0.0, =1.0.2 and more Source cves: CVE-2018-3722 Source advisory: OSV:GHSA-9G9W-HMVJ-5H57...
GHSA-9G9W-HMVJ-5H57 Prototype Pollution in merge-deep
Versions of merge-deep before 3.0.1 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 3.0.1 or later...
Prototype Pollution in merge-deep
Versions of merge-deep before 3.0.1 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 3.0.1 or later...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
Code injection
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3722
The CVE-2018-3722 entry concerns the merge-deep npm module, specifically versions before 3.0.1. A MAID/prototype-pollution flaw via proto enables an attacker to modify the prototype of Object, potentially adding or altering properties that exist on all objects. This can lead to server instability...