9 matches found
The vulnerabilities of the merge, mergeWith, and defaultsDeep functions in the Lodash library allow attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the merge, mergeWith, and defaultsDeep functions in the Lodash library is related to an uncontrolled resource consumption. Exploiting this vulnerability could allow a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
@adamvr/mongration (>=1.0.1 <=1.1.1), @aemcloud/aemcloud-cli (>=0.1.1 <=0.10.8) +2146 more potentially affected by unknown CVE via lodash.merge (>=2.2.1 <=4.6.0)
lodash.merge NPM version =2.2.1, =1.0.1, =0.1.1, =0.70.1, =1.0.1, =2.2.3, =1.3.5, =1.2.2, =0.1.0-18, =1.0.0, =0.0.9, =4.0.0, =1.0.0, =1.0.0-dev-152fa896b5f3eb24fb8b97a28b89f0a83ea5da0f, =1.0.0-dev-a5e815fb69787bead6cfece07fba686b91ed3d3a and more Source cves: unknown CVE Source advisory:...
GHSA-2M96-9W4J-WGV7 Prototype Pollution in lodash.merge
Versions of lodash.merge before 4.6.1 are vulnerable to Prototype Pollution. The function 'merge' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendation Update to version...
@adamvr/mongration (>=1.0.1 <=1.1.1), @aemcloud/aemcloud-cli (>=0.1.1 <=0.10.8) +2282 more potentially affected by unknown CVE via lodash.merge (>=2.2.1 <=4.6.1)
lodash.merge NPM version =2.2.1, =1.0.1, =0.1.1, =0.70.1, =1.0.1, =2.2.3, =1.3.5, =1.2.2, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =0.0.9, =4.0.0, =1.0.0, =1.0.2 and more Source cves: unknown CVE Source advisory: OSV:GHSA-H726-X36V-RX45...
GHSA-H726-X36V-RX45 Prototype Pollution in lodash.merge
Versions of lodash.merge before 4.6.2 are vulnerable to prototype pollution. The function merge may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects. Recommendation...
@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-16487 +1 more via lodash.merge (>=4.0.1 <=4.6.1)
lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source advisory:...
Prototype Pollution
Overview lodash.merge is a Lodash method .merge exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an...
@atlauncher/atlauncher-scripts (>=0.1.0-18 <=0.1.0-19), @atomist/sample-sdm (>=0.5.1-atomist-update-latest-1540938130032.20181101043939 <=0.5.1-master.20181101044648) +415 more potentially affected by CVE-2018-3721 via lodash.merge (>=4.0.1 <=4.6.1)
lodash.merge NPM version =4.0.1, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =5.3.8, =3.1.0, =5.0.0, =5.2.7, =5.2.8, =6.1.1, =5.0.0, =5.0.0, =5.2.8, =5.1.1, =0.1.3, =6.2.6, =6.3.3 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHMERGE-173733...
Prototype Pollution
Overview lodash.merge is a Lodash method .merge exported as a Node.js module. Affected versions of this package are vulnerable to Prototype Pollution. The utilities function allow modification of the Object prototype. If an attacker can control part of the structure passed to this function, they...