Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2018/07/26 3:12 p.m.4 views

@careteam/mfe-init (=0.0.8), @topfeed/topfeed (>=0.0.30 <=0.0.44) +68 more potentially affected by CVE-2018-3720 via assign-deep (>=0.1.2 <=0.4.6)

assign-deep NPM version =0.1.2, =0.0.30, =0.0.1, =1.0.0, =0.0.1, =0.1.0, =1.0.0, =1.2.0, =0.0.1, =1.0.0, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =2.3.0 and more Source cves: CVE-2018-3720 Source advisory: OSV:GHSA-XCVV-84J5-JW9H...

8.8CVSS7.2AI score0.02019EPSS
Exploits1
NVD
NVD
added 2018/06/07 2:29 a.m.24 views

CVE-2018-3720

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

8.8CVSS8.6AI score0.02019EPSS
Exploits1References2
OSV
OSV
added 2018/06/07 2:29 a.m.13 views

CVE-2018-3720

assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

8.8CVSS8.8AI score
Exploits0References2
CVE
CVE
added 2018/06/07 2:0 a.m.67 views

CVE-2018-3720

The CVE-2018-3720 entry concerns the assign-deep Node.js module. Versions prior to 0.4.7 are affected by a prototype-pollution (MAID) vulnerability that lets an attacker modify Object.prototype via proto , enabling addition or modification of properties that propagate to all objects. Impact is de...

8.8CVSS8.5AI score0.02019EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder