5 matches found
@alyzenpublic/craco (>=3.2.3-dev <=3.2.3-dev2), @amory/core (>=2018.8.29-1 <=2018.8.31-0) +153 more potentially affected by unknown CVE via lodash.mergewith (>=4.0.3 <=4.6.1)
lodash.mergewith NPM version =4.0.3, =3.2.3-dev, =2018.8.29-1, =2018.8.29-0, =2018.8.31-0, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =1.10.0, =1.10.1, =1.0.0, =1.0.0, =1.0.0, =5.0.0, =5.2.8, =6.2.0 and more Source cves: unknown CVE Source advisory:...
GHSA-779F-WGXG-QR8F Prototype Pollution in lodash.mergewith
Versions of lodash.mergewith before 4.6.2 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via constructor: prototype: ... causing the addition or modification of an existing property that will exist on all objects...
GHSA-5947-M4FG-XHQG Prototype Pollution in lodash.mergewith
Versions of lodash.mergewith before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of Object via proto causing the addition or modification of an existing property that will exist on all objects. Recommendation Update to...
@alyzenpublic/craco (>=3.2.3-dev <=3.2.3-dev2), @amory/core (>=2018.8.29-1 <=2018.8.31-0) +153 more potentially affected by CVE-2018-16487 +1 more via lodash.mergewith (>=4.0.3 <=4.6.1)
lodash.mergewith NPM version =4.0.3, =3.2.3-dev, =2018.8.29-1, =2018.8.29-0, =2018.8.31-0, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =1.10.0, =1.10.1, =1.0.0, =1.0.0, =1.0.0, =5.0.0, =5.2.8, =6.2.0 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source...
@blackbaud-bobbyearl/skyux-builder (>=1.10.0 <=1.10.1), @blackbaud/skyux-builder (>=1.10.1 <=1.31.0) +72 more potentially affected by CVE-2018-3721 via lodash.mergewith (>=4.0.3 <=4.6.0)
lodash.mergewith NPM version =4.0.3, =1.10.0, =1.10.1, =5.0.0, =5.2.8, =5.0.0, =5.0.0, =5.1.1, =1.3.0, =1.0.0-alpha.1, =1.0.4, =1.1.3, =1.0.0, =1.1.11, =1.0.3, =1.0.0, =1.0.0-alpha.3 and more Source cves: CVE-2018-3721 Source advisory: SNYK:JS-LODASHMERGEWITH-174137...