11 matches found
EUVD-2019-0238
Malware in sbrugna...
@amalto/custom-form-dialog (>=1.1.1 <=1.2.1), @amalto/dynamic-component (>=1.1.1 <=1.2.1) +50 more potentially affected by CVE-2018-16489 via just-extend (>=1.1.22 <=3.0.0)
just-extend NPM version =1.1.22, =1.1.1, =1.1.1, =1.0.18, =1.0.32, =1.1.0, =1.0.21, =1.0.17, =0.1.0, =1.0.5, =1.3.0, =1.0.0, =0.12.0, =0.1.0-alpha.4c5f8c5a, =0.1.0-alpha.4c5f8c5a, =5.0.3-0 and more Source cves: CVE-2018-16489 Source advisory: OSV:GHSA-675M-85RW-J3W4...
Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input, just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation: Update to version 4.0.0 or later...
GHSA-675M-85RW-J3W4 Prototype Pollution in just-extend
Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input, just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation: Update to version 4.0.0 or later...
Prototype Pollution
Overview: Versions of just-extend before 4.0.0 are vulnerable to prototype pollution. Provided certain input, just-extend can add or modify properties of the Object prototype. These properties will be present on all objects. Recommendation: Update to version 4.0.0 or later. References: HackerOne...
Prototype Pollution
just-extend is vulnerable to prototype pollution. An attacker is able to inject arbitrary properties into Object.prototype to add or modify existing properties due to a lack of object validation...
Design/Logic Flaw
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions...
CVE-2018-16489
A prototype pollution vulnerability was found in just-extend <4.0.0 that allows an attacker to inject properties onto Object.prototype through its functions...
CVE-2018-16489
CVE-2018-16489 is a prototype pollution vulnerability in the Node.js module just-extend, affecting versions before 4.0.0. An attacker can inject properties onto Object.prototype via the module’s functions, enabling an attacker to alter object properties globally and potentially cause denial of se...
Node.js third-party modules: Prototype pollution attack in just-extend
I would like to report a prototype pollution vulnerability in just-extend. It allows an attacker to inject properties on Object.prototype. Module: module name: just-extend; version: 2.1.0, and 3.0.0; npm page: https://www.npmjs.com/package/just-extend. Module Description: Part of a library of...