623 matches found
Prototype Pollution
Overview Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation Update to version 4.0.0 or later. References - HackerOne...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
Prototype Pollution
just-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into Object.prototype to add or modify existing properties due to a lack of object validation...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
DEBIAN-CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
DEBIAN-CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
Buffer overflow
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
UBUNTU-CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
UBUNTU-CVE-2018-16491
A prototype pollution vulnerability was found in node.extend 1.1.7, 2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype...
Design/Logic Flaw
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend 4.0.0 that allows attack to inject properties onto Object.prototype through its functions...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16492
A prototype pollution vulnerability was found in module extend 2.0.2, 3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype...
CVE-2018-16492
CVE-2018-16492 is a prototype pollution vulnerability in the Node.js extend module, affecting versions earlier than 2.0.2 (and ~
CVE-2018-16489
CVE-2018-16489 is a prototype pollution vulnerability in the Node.js module just-extend, affecting versions before 4.0.0. An attacker can inject properties onto Object.prototype via the module’s functions, enabling an attacker to alter object properties globally and potentially cause denial of se...
Fedora 28 : nodejs-deep-extend (2018-636f73964f)
Security fix for CVE-2018-3750 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. %NASLMINLEVEL 70300...
Node.js third-party modules: Prototype pollution attack (smart-extend)
Hi team, I would like to report a prototype pollution vulnerability in smart-extend that allows an attacker to inject properties on Object.prototype. Module module name: smart-extend version: 1.7.3 npm page: https://www.npmjs.com/package/smart-extend Module Description smart-extend is an extensio...
Node.js third-party modules: Prototype pollution attack in just-extend
I would like to report a prototype pollution vulnerability in just-extend It allows an attacker to inject properties on Object.prototype. Module module name: just-extend version: 2.1.0, and 3.0.0 npm page: https://www.npmjs.com/package/just-extend Module Description Part of a library of...