597 matches found
DEBIAN-CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
DEBIAN-CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
Design/Logic Flaw
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
UBUNTU-CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
UBUNTU-CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
Buffer overflow
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16489
CVE-2018-16489 is a prototype pollution vulnerability in the Node.js module just-extend, affecting versions before 4.0.0. An attacker can inject properties onto Object.prototype via the module’s functions, enabling an attacker to alter object properties globally and potentially cause denial of se...
CVE-2018-16492
CVE-2018-16492 is a prototype pollution vulnerability in the Node.js extend module, affecting versions earlier than 2.0.2 (and ~
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
Fedora 28 : nodejs-deep-extend (2018-636f73964f)
Security fix for CVE-2018-3750 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Node.js third-party modules: Prototype pollution attack (smart-extend)
Hi team, I would like to report a prototype pollution vulnerability in smart-extend that allows an attacker to inject properties on Object.prototype. Module module name: smart-extend version: 1.7.3 npm page: https://www.npmjs.com/package/smart-extend Module Description smart-extend is an extensio...
Node.js third-party modules: Prototype pollution attack in just-extend
I would like to report a prototype pollution vulnerability in just-extend It allows an attacker to inject properties on Object.prototype. Module module name: just-extend version: 2.1.0, and 3.0.0 npm page: https://www.npmjs.com/package/just-extend Module Description Part of a library of...
Prototype Pollution in deep-extend
Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation Update to version 0.5.1 or later...
GHSA-HR2V-3952-633Q Prototype Pollution in deep-extend
Versions of deep-extend before 0.5.1 are vulnerable to prototype pollution. Recommendation Update to version 0.5.1 or later...
08cms (=1.0.0), 3dshex (>=0.1.0 <=0.5.3) +9450 more potentially affected by CVE-2018-3750 via deep-extend (>=0.2.10 <=0.5.0)
deep-extend NPM version =0.2.10, =0.1.0, =1.0.0, =1.1.0, =4.0.0, =1.0.0, =0.3.12-20180525105709, =1.0.0, =0.0.1, =0.0.1, =0.2.2, =0.2.3 and more Source cves: CVE-2018-3750 Source advisory: OSV:GHSA-HR2V-3952-633Q...
Prototype Pollution
node-extend is vulnerable to prototype pollution. The merging of the proto property is not prevented and the Utilities function can be tricked into modifying the prototype of "Object" when the structure passed to these function is controlled by an attacker. This would allow adding or modifying...
Node.js third-party modules: Prototype pollution attack (extend)
I would like to report prototype pollution in extend It allows an attacker to inject properties on Object.prototype. Module module name: extend version: 3.0.1 npm page: https://www.npmjs.com/package/extend Module Description node-extend is a port of the classic extend method from jQuery. It behav...