Lucene search

128 matches found

Veracode
added 2019/11/20 2:0 a.m. | 235 views

Prototype Pollution

angularjs is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype by using a malicious __proto__ object in the merge function, resulting in possible execution of arbitrary code...

CVSS 7.5 | AI score 4.4 | EPSS 0.02179
Exploits: 1 | References: 3 | Affected Software: 3
CNVD
added 2019/11/20 12:0 a.m. | 3 views

AngularJS Input Validation Error Vulnerability

AngularJS is a TypeScript-based open source web application framework. An input validation error vulnerability exists in AngularJS versions prior to 1.7.9, which can be exploited by an attacker via the __proto__ payload to trick the merge function into adding or modifying properties of Object.prototy...

CVSS 7.5 | AI score 8.1 | EPSS 0.02179
Exploits: 1 | References: 1
NVD
added 2019/11/19 9:15 p.m. | 31 views

CVE-2019-10768

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 7.5 | AI score 7.5 | EPSS 0.02179
Exploits: 1 | References: 2
OSV
added 2019/11/19 9:15 p.m. | 4 views

DEBIAN-CVE-2019-10768

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 7.5 | AI score 6.9 | EPSS 0.02179
Exploits: 1 | References: 1
UbuntuCve
added 2019/11/19 9:15 p.m. | 46 views

CVE-2019-10768

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 7.5 | AI score 6.8 | EPSS 0.02179
Exploits: 1 | References: 2
Prion
added 2019/11/19 9:15 p.m. | 27 views

Code injection

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 5 | AI score 7.3 | EPSS 0.02179
Exploits: 1 | References: 2 | Affected Software: 1
OSV
added 2019/11/19 9:15 p.m. | 1 views

UBUNTU-CVE-2019-10768

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

CVSS 7.5 | AI score 6.9 | EPSS 0.02179
Exploits: 1 | References: 3
Cvelist
added 2019/11/19 8:7 p.m. | 27 views

CVE-2019-10768

In AngularJS before 1.7.9 the function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload...

AI score 7.5 | EPSS 0.02179
Exploits: 1 | References: 2
Positive Technologies
added 2019/11/19 12:0 a.m. | 5 views

PT-2019-12040

Name of the Vulnerable Software and Affected Versions: AngularJS versions prior to 1.7.9. Description: The issue concerns the merge function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. This may allow an attacker to add or modify an existing...

CVSS 7.5 | AI score 6.8 | EPSS 0.02179
Exploits: 1 | References: 17
Snyk
added 2019/11/06 2:52 p.m. | 5 views

Prototype Pollution

Overview angular is a package that lets you write client-side web applications as if you had a smarter browser. It also lets you use HTML as your template language and lets you extend HTML’s syntax to express your application’s components clearly and succinctly. Affected versions of this package...

CVSS 7.5 | AI score 7.8 | EPSS 0.02179
Exploits: 1 | References: 3
Snyk
added 2019/11/06 2:52 p.m. | 3 views

Prototype Pollution

Overview AngularJS.Core is an AngularJS. package for other Angular modules within .NET. Affected versions of this package are vulnerable to Prototype Pollution. The function merge could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. PoC by Snyk...

CVSS 7.5 | AI score 7.8 | EPSS 0.02179
Exploits: 1 | References: 3
Github Security Blog
added 2019/06/13 6:58 p.m. | 15 views

Prototype Pollution in lutils-merge

All versions of lutils-merge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...

AI score 5.4
Exploits: 0 | References: 5 | Affected Software: 1
OSV
added 2019/06/06 3:32 p.m. | 11 views

GHSA-GM9G-2G8V-FVXJ Prototype Pollution in upmerge

All versions of upmerge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with other...

CVSS 7.5 | AI score 7.7
Exploits: 0 | References: 4
Node.js
added 2019/04/10 1:35 p.m. | 14 views

Prototype Pollution

Overview All versions of upmerge are vulnerable to Prototype Pollution. The merge function fails to prevent user input to alter an Object's prototype, allowing attackers to modify override properties of all objects in the application. This may lead to Denial of Service or may be chained with othe...

AI score 7.3
Exploits: 0 | Affected Software: 1
OSV
added 2019/02/01 6:29 p.m. | 5 views

DEBIAN-CVE-2018-16487

A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...

CVSS 5.6 | AI score 5 | EPSS 0.01553
Exploits: 2 | References: 1
Positive Technologies
added 2018/10/30 12:0 a.m. | 5 views

PT-2018-3812

Name of the Vulnerable Software and Affected Versions lodash versions prior to 4.17.11 Description A prototype pollution issue was discovered in the merge, mergeWith, and defaultsDeep functions of the lodash library. This issue can be exploited to add or modify properties of Object.prototype. The...

CVSS 6.8 | AI score 6.4 | EPSS 0.01553
Exploits: 2 | References: 23
Veracode
added 2018/10/01 7:49 a.m. | 25 views

Prototype Pollution

merge is vulnerable to prototype pollution. Properties of the Object prototype can be added or modified via JSON.parse, causing a denial of service condition or possibly remote code execution depending on the application...

CVSS 7.5 | AI score 8.1 | EPSS 0.01678
Exploits: 1 | References: 2 | Affected Software: 1
Snyk
added 2018/08/31 6:21 p.m. | 5 views

Prototype Pollution

Overview @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype...

CVSS 7.3 | AI score 6.9 | EPSS 0.02413
Exploits: 3 | References: 6
Snyk
added 2018/08/31 6:21 p.m. | 3 views

Prototype Pollution

Overview lodash.defaultsdeep is a Lodash method _.defaultsDeep exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is d...

CVSS 7.3 | AI score 6.9 | EPSS 0.02413
Exploits: 3 | References: 6
Snyk
added 2018/08/31 6:21 p.m. | 4 views

Prototype Pollution

Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to...

CVSS 7.3 | AI score 6.9 | EPSS 0.02413
Exploits: 3 | References: 6