2 matches found
@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)
just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...