4 matches found
@careteam/mfe-init (=0.0.8), @topfeed/topfeed (>=0.0.30 <=0.0.44) +68 more potentially affected by CVE-2018-3720 via assign-deep (>=0.1.2 <=0.4.6)
assign-deep NPM version =0.1.2, =0.0.30, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.2.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =2.3.0 and more Source cves: CVE-2018-3720 Source advisory: OSV:GHSA-XCVV-84J5-JW9H...
CVE-2018-3720
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3720
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3720
The CVE-2018-3720 entry concerns the assign-deep Node.js module. Versions prior to 0.4.7 are affected by a prototype-pollution (MAID) vulnerability that lets an attacker modify Object.prototype via proto , enabling addition or modification of properties that propagate to all objects. Impact is de...