4 matches found
@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +65 more potentially affected by CVE-2018-3722 via merge-deep (>=0.1.5 <=3.0.0)
merge-deep NPM version =0.1.5, =0.1.0, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4, =0.1.1, =1.0.0, =1.0.2 and more Source cves: CVE-2018-3722 Source advisory: OSV:GHSA-9G9W-HMVJ-5H57...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3722
The CVE-2018-3722 entry concerns the merge-deep npm module, specifically versions before 3.0.1. A MAID/prototype-pollution flaw via proto enables an attacker to modify the prototype of Object, potentially adding or altering properties that exist on all objects. This can lead to server instability...