54 matches found
Prototype Pollution
Overview Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendati...
GHSA-JF85-CPCP-J695 Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...
Prototype Pollution in lodash
Versions of lodash before 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep allows a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...
PT-2019-2936 · Lodash · Lodash
Name of the Vulnerable Software and Affected Versions: lodash versions prior to 4.17.12 Description: The issue is related to the defaultsDeep function in the lodash library, which can be tricked into adding or modifying properties of Object.prototype using a constructor payload. This is due to...
Prototype Pollution
Overview Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. PoC by Snyk const mergeFn = require'lodash'.defaultsDeep; const payload = '"constructor...
Prototype Pollution
Overview lodash-rails is a lodash for the Rails asset pipeline. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload. PoC by Snyk const mergeFn =...
Prototype Pollution
Overview lodash is an utility library delivering consistency, modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
Prototype Pollution
Overview lodash is a modern JavaScript utility library delivering modularity, performance, & extras. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor...
Prototype Pollution
Overview @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor...
GHSA-4XC9-XHRJ-V574 Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing propert...
Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing propert...
CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
DEBIAN-CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
UBUNTU-CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
PT-2018-3812
Name of the Vulnerable Software and Affected Versions lodash versions prior to 4.17.11 Description A prototype pollution issue was discovered in the merge, mergeWith, and defaultsDeep functions of the lodash library. This issue can be exploited to add or modify properties of Object.prototype. The...
Prototype Pollution
Overview lodash.defaultsdeep is a Lodash method .defaultsDeep exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is d...
Prototype Pollution
Overview lodash.basemerge is a The internal Lo-Dash function baseMerge as a Node.js module generated by lodash-cli. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of...
Prototype Pollution
Overview @sailshq/lodash is a fork of Lodash 3.10.x with ongoing maintenance from the Sails core team. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype...