2428 matches found
Prototype Pollution in assign-deep
Versions of assign-deep before 0.4.7 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 0.4.7 or later...
GHSA-XCVV-84J5-JW9H Prototype Pollution in assign-deep
Versions of assign-deep before 0.4.7 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 0.4.7 or later...
apidocs-cli (>=0.0.0 <=2.0.1), assemble-init (=0.1.0) +80 more potentially affected by CVE-2018-3719 via mixin-deep (>=0.1.0 <=1.0.1)
mixin-deep NPM version =0.1.0, =0.0.0, =0.1.0-beta.2, =0.1.0, =0.1.1, =0.1.2, =0.0.1, =0.0.1, =0.1.0, =1.0.2, =0.0.5, =0.2.2, =0.3.0 - create-component =0.1.1 and more Source cves: CVE-2018-3719 Source advisory: OSV:GHSA-3MPR-HQ3P-49H9...
Prototype Pollution in mixin-deep
Versions of mixin-deep before 1.3.1 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 1.3.1 or later...
GHSA-3MPR-HQ3P-49H9 Prototype Pollution in mixin-deep
Versions of mixin-deep before 1.3.1 are vulnerable to prototype pollution via merging functions. Recommendation Update to version 1.3.1 or later...
Node.js third-party modules: Prototype pollution attack (defaults-deep / constructor.prototype)
I would like to report a prototype pollution vulnerability in defaults-deep. It allows an attacker to inject properties on Object.prototype. Module module name: defaults-deep version: 0.2.4 npm page: https://www.npmjs.com/package/defaults-deep Module Description Like extend but recursively copies...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
DEBIAN-CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
UBUNTU-CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Code injection
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
CVE-2018-3750 - mode C (concrete details provided) Affected software: the deep-extend Node.js module, specifically all versions
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Meet MyloBot malware turning Windows devices into Botnet
By Waqas The IT security researchers at deep learning cybersecurity firm Deep This is a post from HackRead.com Read the original post: Meet MyloBot malware turning Windows devices into Botnet...
Securing Containers at Scale: Amazon EKS, Amazon ECS and Deep Security Smart Check
Containers present a new opportunity for teams. An opportunity to deploy faster, more consistently, and with a simplicity rarely seen. But in order to make that happen a lot of infrastructure needs to be setup ahead of time. A cluster of hosts for the container runtime, an orchestration layer,...
CVE-2018-3722
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3720
assign-deep node module before 0.4.7 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...
CVE-2018-3719
mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data MAID vulnerability, which allows a malicious user to modify the prototype of "Object" via proto, causing the addition or modification of an existing property that will exist on all objects...