54 matches found
Prototype Pollution
Overview: lodash.basemerge is the internal Lo-Dash function baseMerge as a Node.js module generated by lodash-cli. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of...
GHSA-FVQR-27WR-82FM Prototype Pollution in lodash
Versions of lodash before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on al...
Prototype Pollution in lodash
Versions of lodash before 4.17.5 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on al...
Node.js third-party modules: Prototype pollution attack (lodash / constructor.prototype)
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype. Module module name: lodash version: 4.17.10 npm page: https://www.npmjs.com/package/lodash Module Description The Lodash library exported as Node.js modules. Modul...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
AZL-45420 CVE-2018-3721 affecting package js-jquery 3.5.0-4
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
Code injection
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
CVE-2018-3721
CVE-2018-3721 relates to the lodash node module prior to 4.17.5, enabling a prototype pollution (MAID) vulnerability through defaultsDeep, merge, and mergeWith that could modify Object.prototype via __proto__. The provided IBM security bulletin corroborates the vulnerability details for this CVE and l...
PT-2018-16145 · Lodash · Lodash
Name of the Vulnerable Software and Affected Versions: lodash versions prior to 4.17.5 Description: The issue allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects. This is achieved through...
CVE-2018-3721
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property tha...
@anjuna/charts (>=1.0.0-preview.45 <=1.0.0-preview.47), @badgeup/badgeup-browser-client (>=0.3.0 <=3.0.0) +186 more potentially affected by CVE-2018-3721 via lodash.defaultsdeep (>=4.3.2 <=4.6.0)
lodash.defaultsdeep NPM version =4.3.2, =1.0.0-preview.45, =0.3.0, =0.1.0, =0.3.0, =6.0.2, =1.0.0-rc.1, =1.2.0, =1.0.0, =0.9.16, =0.0.1, =0.275.1-chore-update-deps.3894.0, =0.18.2-alpha.1, =3.0.0, =6.8.1, =7.1.11 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHDEFAULTSDEEP-4501...
Prototype Pollution
Overview: lodash.defaultsdeep is the Lodash method _.defaultsDeep exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The utility function allows modification of the Object prototype. If an attacker can control part of the structure passed to this...