29 matches found
SUSE CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
EUVD-2018-0617
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2018-3750
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can contro...
Rocky Linux 8 : nodejs:12 (RLSA-2021:0549)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:0549 advisory. - The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker...
RHEL 7 : rh-nodejs8-nodejs (RHSA-2020:2625)
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:2625 advisory. Node.js is a software development platform for building fast and scalable network applications in the JavaScript programming language. The...
Prototype Pollution in jalik/js-deep-extend
✍️ Description Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as proto, constructor and prototype. An attacker...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
PT-2020-19764 · Tsed · @Tsed/Core
Name of the Vulnerable Software and Affected Versions: @tsed/core versions prior to 5.65.7 Description: This issue relates to the deepExtend function, part of the utils directory. Depending on user input, an attacker can overwrite and pollute the object prototype of a program. Recommendations: Fo...
nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Fedora 28 : nodejs-deep-extend (2018-636f73964f)
Security fix for CVE-2018-3750 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
GHSA-HR2V-3952-633Q Prototype Pollution in deep-extend
Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation Update to version 0.5.1 or later...
Prototype Pollution in deep-extend
Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation Update to version 0.5.1 or later...
08cms (=1.0.0), 3dshex (>=0.1.0 <=0.5.3) +9450 more potentially affected by CVE-2018-3750 via deep-extend (>=0.2.10 <=0.5.0)
deep-extend NPM version =0.2.10, =0.1.0, =1.0.0, =1.1.0, =4.0.0, =1.0.0, =0.3.12-20180525105709, =1.0.0, =0.0.1, =0.0.1, =0.2.2, =0.2.3 and more Source cves: CVE-2018-3750 Source advisory: OSV:GHSA-HR2V-3952-633Q...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
DEBIAN-CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
UBUNTU-CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Code injection
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...