Lucene search
K

5 matches found

vulnersOsv
vulnersOsv
added 2020/09/03 6:10 p.m.5 views

@alyzenpublic/craco (>=3.2.3-dev <=3.2.3-dev2), @amory/core (>=2018.8.29-1 <=2018.8.31-0) +153 more potentially affected by unknown CVE via lodash.mergewith (>=4.0.3 <=4.6.1)

lodash.mergewith NPM version =4.0.3, =3.2.3-dev, =2018.8.29-1, =2018.8.29-0, =2018.8.31-0, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =1.10.0, =1.10.1, =1.0.0, =1.0.0, =1.0.0, =5.0.0, =5.2.8, =6.2.0 and more Source cves: unknown CVE Source advisory:...

5.8AI score
Exploits0
OSV
OSV
added 2020/09/03 6:10 p.m.2 views

GHSA-779F-WGXG-QR8F Prototype Pollution in lodash.mergewith

Versions of lodash.mergewith before 4.6.2 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects...

5.9AI score
Exploits0References1
OSV
OSV
added 2020/09/03 6:8 p.m.2 views

GHSA-5947-M4FG-XHQG Prototype Pollution in lodash.mergewith

Versions of lodash.mergewith before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendation Update to...

5.9AI score
Exploits0References1
vulnersOsv
vulnersOsv
added 2018/08/31 6:21 p.m.7 views

@alyzenpublic/craco (>=3.2.3-dev <=3.2.3-dev2), @amory/core (>=2018.8.29-1 <=2018.8.31-0) +153 more potentially affected by CVE-2018-16487 +1 more via lodash.mergewith (>=4.0.3 <=4.6.1)

lodash.mergewith NPM version =4.0.3, =3.2.3-dev, =2018.8.29-1, =2018.8.29-0, =2018.8.31-0, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =1.10.0, =1.10.1, =1.0.0, =1.0.0, =1.0.0, =5.0.0, =5.2.8, =6.2.0 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source...

6.8CVSS6.4AI score0.02413EPSS
Exploits3
vulnersOsv
vulnersOsv
added 2018/01/30 10:28 p.m.5 views

@blackbaud-bobbyearl/skyux-builder (>=1.10.0 <=1.10.1), @blackbaud/skyux-builder (>=1.10.1 <=1.31.0) +72 more potentially affected by CVE-2018-3721 via lodash.mergewith (>=4.0.3 <=4.6.0)

lodash.mergewith NPM version =4.0.3, =1.10.0, =1.10.1, =5.0.0, =5.2.8, =5.0.0, =5.0.0, =5.1.1, =1.3.0, =1.0.0-alpha.1, =1.0.4, =1.1.3, =1.0.0, =1.1.11, =1.0.3, =1.0.0, =1.0.0-alpha.3 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHMERGEWITH-174137...

6.5CVSS6.4AI score0.02413EPSS
Exploits2
Rows per page
Query Builder