Lucene search
+L

623 matches found

Node.js
Node.js
added 2019/02/06 1:2 a.m.35 views

Prototype Pollution

Overview Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later. References - HackerOne...

7.5CVSS3.9AI score0.01836EPSS
Exploits1Affected Software1
RedhatCVE
RedhatCVE
added 2019/02/04 8:50 p.m.24 views

CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS4.3AI score0.0305EPSS
Exploits1References2
Veracode
Veracode
added 2019/02/04 4:16 a.m.25 views

Prototype Pollution

just-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into Object.prototype to add or modify existing properties due to a lack of object validation...

9.8CVSS9.2AI score0.01836EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2019/02/01 6:29 p.m.31 views

CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS9.4AI score0.0305EPSS
Exploits1References1
OSV
OSV
added 2019/02/01 6:29 p.m.4 views

DEBIAN-CVE-2018-16491

A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS7AI score0.01719EPSS
Exploits1References1
OSV
OSV
added 2019/02/01 6:29 p.m.3 views

DEBIAN-CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS7AI score0.0305EPSS
Exploits1References1
OSV
OSV
added 2019/02/01 6:29 p.m.10 views

CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS9.3AI score
Exploits0References1
Prion
Prion
added 2019/02/01 6:29 p.m.15 views

Buffer overflow

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

7.5CVSS9.2AI score0.0305EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2019/02/01 6:29 p.m.24 views

CVE-2018-16489

A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...

9.8CVSS9.3AI score0.01836EPSS
Exploits1References1
OSV
OSV
added 2019/02/01 6:29 p.m.4 views

UBUNTU-CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS7.3AI score0.0305EPSS
Exploits1References4
OSV
OSV
added 2019/02/01 6:29 p.m.5 views

UBUNTU-CVE-2018-16491

A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS5.8AI score0.01719EPSS
Exploits1References3
Prion
Prion
added 2019/02/01 6:29 p.m.27 views

Design/Logic Flaw

A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...

7.5CVSS9.3AI score0.01836EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2019/02/01 6:29 p.m.7 views

CVE-2018-16489

A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...

9.8CVSS5.7AI score0.01836EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2019/02/01 6:0 p.m.58 views

CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.8CVSS9.4AI score0.0305EPSS
Exploits1
Cvelist
Cvelist
added 2019/02/01 6:0 p.m.31 views

CVE-2018-16492

A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...

9.3AI score0.0305EPSS
Exploits1References1
CVE
CVE
added 2019/02/01 6:0 p.m.96 views

CVE-2018-16492

CVE-2018-16492 is a prototype pollution vulnerability in the Node.js extend module, affecting versions earlier than 2.0.2 (and ~

9.8CVSS9.1AI score0.0305EPSS
Exploits1References1Affected Software1
CVE
CVE
added 2019/02/01 6:0 p.m.76 views

CVE-2018-16489

CVE-2018-16489 is a prototype pollution vulnerability in the Node.js module just-extend, affecting versions before 4.0.0. An attacker can inject properties onto Object.prototype via the module’s functions, enabling an attacker to alter object properties globally and potentially cause denial of se...

9.8CVSS9.2AI score0.01836EPSS
Exploits1References1Affected Software1
Tenable Nessus
Tenable Nessus
added 2019/01/03 12:0 a.m.38 views

Fedora 28 : nodejs-deep-extend (2018-636f73964f)

Security fix for CVE-2018-3750 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...

9.8CVSS8AI score0.02147EPSS
Exploits1References2
Hacker One
Hacker One
added 2018/11/09 4:5 p.m.16 views

Node.js third-party modules: Prototype pollution attack (smart-extend)

Hi team, I would like to report a prototype pollution vulnerability in smart-extend that allows an attacker to inject properties on Object.prototype. Module module name: smart-extend version: 1.7.3 npm page: https://www.npmjs.com/package/smart-extend Module Description smart-extend is an extensio...

7.1AI score
Exploits0
Hacker One
Hacker One
added 2018/10/29 5:3 p.m.50 views

Node.js third-party modules: Prototype pollution attack in just-extend

I would like to report a prototype pollution vulnerability in just-extend It allows an attacker to inject properties on Object.prototype. Module module name: just-extend version: 2.1.0, and 3.0.0 npm page: https://www.npmjs.com/package/just-extend Module Description Part of a library of...

7.5CVSS0.8AI score0.01836EPSS
Exploits1
Rows per page
Query Builder