53 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-3721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data MAID vulnerability via defaultsDeep, merge, and mergeWith functions, whic...
CVE-2024-38987
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
CVE-2024-38987
aofl cli-lib v3.14.0 was discovered to contain a prototype pollution via the component defaultsDeep. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service DoS via injecting arbitrary properties...
AofL JS Security Vulnerability
AofL JS is a framework open-sourced by AgeOfLearning. A security vulnerability exists in AofL JS version v3.14.0, which stems from inclusion of prototype contamination via the component defaultsDeep, allowing an attacker to execute arbitrary code or cause a denial of service DoS by injecting...
SUSE CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
Security Bulletin: CVE-2020-8203
Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute...
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
GHSA-H5MP-5Q4P-GGF5 Prototype Pollution in lodash.defaultsdeep
Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects...
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
Node.js third-party modules: Prototype pollution attack (lodash)
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype Module module name: lodash version: 4.17.15 npm page: https://www.npmjs.com/package/lodash Module Description The Lodash library exported as Node.js modules. Module...
nodejs-lodash: prototype pollution in defaultsDeep function leading to modifying properties
A Prototype Pollution vulnerability was found in lodash. Calling certain methods with untrusted JSON could lead to modifying objects up the prototype chain, including the global Object. A crafted JSON object passed to a vulnerable method could lead to denial of service or data injection, with...
DEBIAN-CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
AZL-44634 CVE-2019-10744 affecting package js-jquery 3.5.0-4
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
UBUNTU-CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
Design/Logic Flaw
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
CVE-2019-10744
Versions of lodash lower than 4.17.12 are vulnerable to Prototype Pollution. The function defaultsDeep could be tricked into adding or modifying properties of Object.prototype using a constructor payload...
lodash prototype contamination vulnerability
lodash is an open source JavaScript utility library . A prototype contamination vulnerability exists in lodash versions prior to 4.17.12. An attacker can exploit the vulnerability to add or modify objects of Object.prototype with the help of the 'defaultsDeep' parameter...
Prototype Pollution
Overview Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to Prototype Pollution. The function 'defaultsDeep' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendati...