29 matches found
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
CVE-2018-3750 - mode C (concrete details provided) Affected software: the deep-extend Node.js module, specifically all versions
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Fedora Update for nodejs-deep-extend FEDORA-2018-636f73964f
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 28 Update: nodejs-deep-extend-0.5.1-1.fc28
Recursive object extending...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Prototype Pollution
Overview Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation Update to version 0.5.1 or later. References - HackerOne Report - GitHub Advisory...
Prototype Pollution
deep-extend is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...
Node.js third-party modules: Prototype pollution attack (deep-extend)
As discussed in 309391, here's the separate report for each of the library. This one is the information for the deep-extend library. Module: deep-extend Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part of...