8 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-16491
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
@feidao-factory/server (>=5.0.201901071713 <=5.0.201901251726), @feidao-factory/service (>=5.0.201812141540 <=5.0.201901071619) +39 more potentially affected by CVE-2018-16491 via node.extend (=2.0.0)
node.extend NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node.extend and may be impacted: - @feidao-factory/server =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =0.0.1, =1.0.0,...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +710 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)
node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...
CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16491
CVE-2018-16491 describes a prototype pollution vulnerability in node.extend before 1.1.7 and before 2.0.1, enabling an attacker to inject arbitrary properties onto Object.prototype. Affected versions are node.extend <1.1.7, ~
CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...