8 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-16469
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The merge.recursive function in the merge package 1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be...
Adobe Experience Manager 6.1 < 6.3.3.7 / 6.4 < 6.4.7.0 / 6.5 < 6.5.3.0 Multiple Vulnerabilities (APSB20-01)
The version of Adobe Experience Manager installed on the remote host is 6.1.x less than 6.3.3.7, 6.4.x less than 6.4.7.0, or 6.5.x less than 6.5.4.0. It is, therefore, affected by multiple vulnerabilities that could lead to sensitive information disclosure, as referenced in the APSB20-01 advisory...
Prototype Pollution
merge is vulnerable to prototype pollution. A bypass of the fix for CVE-2018-16469 exists and allows arbitrary properties of the Object prototype to be added or modified via JSON.parse...
@blackbaud/skyux-deploy (>=1.0.0 <=1.4.0), @cysonius/json-utils (>=0.0.1 <=0.0.5) +355 more potentially affected by CVE-2018-16469 via merge (>=1.0.0 <=1.2.0)
merge NPM version =1.0.0, =1.0.0, =0.0.1, =0.0.2, =0.0.12, =1.0.0, =0.0.1, =0.0.1, =0.1.0, =0.52.0-typescript3-1, =0.52.0-src-build, =1.2.0, =1.2.4 and more Source cves: CVE-2018-16469 Source advisory: OSV:GHSA-F9CM-QMX5-M98H...
CVE-2018-16469
The merge.recursive function in the merge package 1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack...
CVE-2018-16469
The merge.recursive function in the merge package 1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack...
CVE-2018-16469
The merge.recursive function in the merge package 1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack...
CVE-2018-16469
CVE-2018-16469 affects the merge package before version 1.2.1. The vulnerability arises in the merge.recursive function, which can be tricked into adding or modifying properties of Object.prototype. These polluted properties become present on all objects, potentially enabling a denial-of-service ...