2456 matches found
@byinti/inticli (>=0.1.0 <=2.1.1), @firecubez/req (=1.2.0) +72 more potentially affected by CVE-2021-26707 via merge-deep (>=0.1.5 <=3.0.2)
merge-deep NPM version =0.1.5, =0.1.0, =1.0.2, =7.0.0, =5.2.0, =6.0.1, =0.0.0, =0.1.0-beta.2, =0.22.0, =1.0.0, =0.0.1, =0.0.2, =0.0.3 and more Source cves: CVE-2021-26707 Source advisory: OSV:GHSA-R6RJ-9CH6-G264...
Prototype pollution in Merge-deep
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
GHSA-R6RJ-9CH6-G264 Prototype pollution in Merge-deep
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Command Execution Vulnerability in DeepSync IPSec VPNs
DeepTrust IPSec VPN provides an all-in-one networking solution for small and medium-sized branches. A command execution vulnerability exists in the DeepSync IPSec VPN, which can be exploited by an attacker to gain control of the server...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
Code injection
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library...
CVE-2021-26707
The CVE-2021-26707 entry covers the merge-deep library for Node.js, which is vulnerable to prototype pollution in versions before 3.0.3. A specially crafted payload can overwrite or extend Object.prototype, causing the polluted properties to be inherited by all objects in the program. Documented ...
PT-2021-17103 · Unknown · Merge-Deep
Name of the Vulnerable Software and Affected Versions: merge-deep library versions prior to 3.0.3 Description: The issue allows an attacker to trick the library into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in t...
merge-deep security vulnerability
merge-deep is an open source tool. It is used to recursively merge values in JavaScript objects. A security vulnerability exists in merge-deep before 3.0.3, which stems from the fact that the merge-deep library may be spoofed to override attributes of Object, the merge-deep library may be spoofe...
Akamai EAA Impersonation Vulnerability - A Deep Dive
In this post, we cover the technical details of CVE-2021-28091, the vulnerability impacting Akamai's Enterprise Application Access (EAA) platform...
CVE-2021-25944
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25944
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...
Remote code execution
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25944
Prototype pollution vulnerability in 'deep-defaults' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2021-25944
CVE-2021-25944 relates to a prototype pollution flaw in the npm module deep-defaults affecting versions 1.0.0–1.0.5. The root cause is that the internal function _deepDefaults() assigns properties without validating the input type, enabling an attacker to pollute Object.prototype (e.g., via malic...
deep-defaults security vulnerability
deep-defaults is a package for npm. A security vulnerability exists in deep-defaults versions 1.0.0 through 1.0.5, which can be exploited by an attacker to cause a denial of service and possibly remote code execution...
PT-2021-16870 · Unknown · Deep-Defaults
Name of the Vulnerable Software and Affected Versions: deep-defaults versions 1.0.0 through 1.0.5 Description: The issue allows an attacker to cause a denial of service and may lead to remote code execution due to a prototype pollution vulnerability in the 'deep-defaults' module. The deepDefaults...
Command Execution Vulnerability in DC of Log Center Platform of DeepTrust Technology Co.
DeepService Technology Co., Ltd. is a product and service provider specializing in enterprise-class security, cloud computing and infrastructure. A command execution vulnerability exists in the DC of the Log Center platform of DeepService Technology Corporation, which can be exploited by an...