3 matches found
CVE-2018-16486
A prototype pollution vulnerability was found in defaults-deep =0.2.4 that would allow a malicious user to inject properties onto Object.prototype...
CVE-2018-16486
A prototype pollution vulnerability was found in defaults-deep =0.2.4 that would allow a malicious user to inject properties onto Object.prototype...
CVE-2018-16486
Summary: CVE-2018-16486 corresponds to a prototype pollution vulnerability in the npm package defaults-deep, affecting versions ≤ 0.2.4. The vulnerability allows an attacker to inject or modify properties on Object.prototype, which can affect all objects in the runtime. Several sources (OSV, GHSA...