CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

5 matches found

RedhatCVE•added 2025/05/23 9:6 a.m.•3 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS7.2AI score0.00193EPSS

Exploits0References1

Veracode•added 2024/06/19 5:41 a.m.•10 views

Prototype Pollution

@alexbinary/object-deep-assign is vulnerable to Prototype Pollution. The vulnerability is due to the lack of prototype checks in the extend function within index.js. Attackers can exploit this method to copy malicious properties to the built-in Object.prototype through special properties like pro...

9.8CVSS6.7AI score0.00193EPSS

Exploits0References3Affected Software1

NVD•added 2024/06/17 3:15 p.m.•14 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS0.00193EPSS

Exploits0References1

Positive Technologies•added 2024/06/17 12:0 a.m.•3 views

PT-2024-27081 · Alexbinary · Object-Deep-Assign

Name of the Vulnerable Software and Affected Versions: alexbinary object-deep-assign version 1.0.11 Description: The issue concerns a Prototype Pollution vulnerability via the extend method of Module.deepAssign, located in /src/index.js. Recommendations: For alexbinary object-deep-assign version...

9.8CVSS6.6AI score0.00193EPSS

Exploits0References4