597 matches found
Prototype Pollution
smart-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties on Prototype objects to execute arbitrary code or cause a denial of service...
Prototype Pollution
Overview: All versions of smart-extend are vulnerable to Prototype Pollution. The deep function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation: No fix is currently available. Consider usi...
Prototype Pollution
Overview: Versions of jquery prior to 3.4.0 are vulnerable to Prototype Pollution. The extend method allows an attacker to modify the prototype for Object causing changes in properties that will exist on all objects. Recommendation: Upgrade to version 3.4.0 or later. References: - HackerOne Report -...
Prototype Pollution
Overview: Affected versions of this package are vulnerable to Prototype Pollution. The extend function can be tricked into modifying the prototype of Object when the attacker controls part of the structure passed to this function. This can let an attacker add or modify an existing property that wi...
[20190403] - Core - Object.prototype pollution in JQuery $.extend
The $.extend method of JQuery is vulnerable to Object.prototype pollution attacks...
Linux Kernel CVE-2019-9213 NULL Dereferences
By following the codepath that Andrea Arcangeli pointed out in his mails regarding the last bug I reported, I noticed that it is possible for userspace on a normal distro to map virtual address 0, which on an X86 system without SMAP enables the exploitation of kernel NULL pointer dereferences. Th...
3vot-salesforce-proxy (>=0.0.1 <=0.1.6), 47pages-keystone (>=0.0.1 <=0.0.5) +712 more potentially affected by CVE-2018-16491 via node.extend (>=0.0.1 <=1.1.6)
node.extend NPM version =0.0.1, =0.0.1, =0.0.1, =0.1.8, =0.0.6, =0.2.8-aneilbaboo1, =0.2.1, =0.5.0, =1.0.37, =0.2.1, =1.0.0, =0.2.35, =0.0.1, =2.3.1 and more Source cves: CVE-2018-16491 Source advisory: OSV:GHSA-R96C-57PF-9JJM...
@feidao-factory/server (>=5.0.201901071713 <=5.0.201901251726), @feidao-factory/service (>=5.0.201812141540 <=5.0.201901071619) +39 more potentially affected by CVE-2018-16491 via node.extend (=2.0.0)
node.extend NPM version =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on node.extend and may be impacted: - @feidao-factory/server =5.0.201901071713, =5.0.201812141540, =1.0.1-server20190117165116, =1.0.201901260938, =2.0.0, =0.0.1, =1.0.0,...
@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)
just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...
Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later...
GHSA-675M-85RW-J3W4 Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later...
192.168.0.172 (=4.6.1), 3nit-utils (>=0.13.0 <=1.0.2) +2496 more potentially affected by CVE-2018-16492 via extend (>=3.0.0 <=3.0.1)
extend NPM version =3.0.0, =0.13.0, =1.3.1, =0.0.1, =1.0.0, =0.1.0, =1.0.0, =3.0.0, =0.1.1, =5.0.0-alpha.1, =1.0.0, =1.0.0, =2018.6.20-0, =1.0.0, =1.1.1 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...
GHSA-QRMC-FJ45-QFC2 Prototype Pollution in extend
Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're using...
Prototype Pollution in extend
Versions of extend prior to 3.0.2 for 3.x and 2.0.2 for 2.x are vulnerable to Prototype Pollution. The extend function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects. Recommendation If you're using...
08cms (=1.0.0), 1-of (>=1.0.0 <=1.0.1) +4831 more potentially affected by CVE-2018-16492 via extend (>=1.1.3 <=2.0.1)
extend NPM version =1.1.3, =1.0.0, =0.7.0, =0.1.0, =0.0.2, =0.0.1, =0.0.0, =0.1.4, =1.16.0, =0.0.1, =0.0.5 and more Source cves: CVE-2018-16492 Source advisory: OSV:GHSA-QRMC-FJ45-QFC2...
Prototype Pollution
Overview: Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation: Update to version 4.0.0 or later. References: - HackerOne...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend <2.0.2, <3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
Prototype Pollution
just-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into Object.prototype to add or modify existing properties due to a lack of object validation...