Lucene search
K

29 matches found

Cvelist
Cvelist
added 2018/07/03 9:0 p.m.23 views

CVE-2018-3750

The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...

9.3AI score0.02147EPSS
Exploits1References1
CVE
CVE
added 2018/07/03 9:0 p.m.181 views

CVE-2018-3750

CVE-2018-3750 - mode C (concrete details provided) Affected software: the deep-extend Node.js module, specifically all versions

9.8CVSS9.1AI score0.02147EPSS
Exploits1References1Affected Software1
Debian CVE
Debian CVE
added 2018/07/03 9:0 p.m.24 views

CVE-2018-3750

The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...

9.8CVSS9.4AI score0.02147EPSS
Exploits1
OpenVAS
OpenVAS
added 2018/05/27 12:0 a.m.31 views

Fedora Update for nodejs-deep-extend FEDORA-2018-636f73964f

The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

9.8CVSS9.5AI score0.02147EPSS
Exploits1References2
Fedora
Fedora
added 2018/05/26 8:46 p.m.31 views

[SECURITY] Fedora 28 Update: nodejs-deep-extend-0.5.1-1.fc28

Recursive object extending...

9.8CVSS2.9AI score0.02147EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2018/05/15 6:18 a.m.31 views

CVE-2018-3750

The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...

9.8CVSS5AI score0.02147EPSS
Exploits1References2
Node.js
Node.js
added 2018/04/24 11:13 p.m.522 views

Prototype Pollution

Overview Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation Update to version 0.5.1 or later. References - HackerOne Report - GitHub Advisory...

6.9AI score
Exploits0Affected Software1
Veracode
Veracode
added 2018/04/16 2:44 a.m.29 views

Prototype Pollution

deep-extend is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...

9.8CVSS9AI score0.02147EPSS
Exploits1References4Affected Software3
Hacker One
Hacker One
added 2018/02/01 2:1 p.m.39 views

Node.js third-party modules: Prototype pollution attack (deep-extend)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the deep-extend library. Module: deep-extend Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part of...

7.5CVSS1.8AI score0.02147EPSS
Exploits1
Rows per page
Query Builder