Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2018/07/26 3:17 p.m.6 views

@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +65 more potentially affected by CVE-2018-3722 via merge-deep (>=0.1.5 <=3.0.0)

merge-deep NPM version =0.1.5, =0.1.0, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.1.1, =1.0.0, =1.0.2 and more Source cves: CVE-2018-3722 Source advisory: OSV:GHSA-9G9W-HMVJ-5H57...

8.8CVSS7.2AI score0.02036EPSS
Exploits1
OSV
OSV
added 2018/06/07 2:29 a.m.16 views

CVE-2018-3722

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

8.8CVSS8.8AI score
Exploits0References2
Cvelist
Cvelist
added 2018/06/07 2:0 a.m.19 views

CVE-2018-3722

merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...

8.6AI score0.02036EPSS
Exploits1References2
CVE
CVE
added 2018/06/07 2:0 a.m.47 views

CVE-2018-3722

The CVE-2018-3722 entry concerns the merge-deep npm module, specifically versions before 3.0.1. A MAID/prototype-pollution flaw via proto enables an attacker to modify the prototype of Object, potentially adding or altering properties that exist on all objects. This can lead to server instability...

8.8CVSS8.5AI score0.02036EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder