3 matches found
@risingstack/trace (=2.0.1), democracyos-notifier (>=1.3.0 <=2.1.3) +1 more potentially affected by CVE-2018-3723 via defaults-deep (=0.2.3)
defaults-deep NPM version =0.2.3 is affected by a known vulnerability. The following packages have a transitive dependency on defaults-deep and may be impacted: - @risingstack/trace =2.0.1 - democracyos-notifier =1.3.0, =2.1.3 - oddvoter-notifier =1.1.1 Source cves: CVE-2018-3723 Source advisory:...
CVE-2018-3723
defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3723
CVE-2018-3723 affects defaults-deep prior to 0.2.4, enabling prototype pollution by abusing proto to modify Object.prototype. This can lead to added or altered properties existing on all objects, with potential DoS and, in some cases, remote code execution as described in linked advisories. The i...