Prototype Pollution

Overview All versions of merge-options are vulnerable to Prototype Pollution Recommendation Update to version 1.0.1 or greater. References - HackerOne Report - GitHub Commit - GitHub Advisory...

GHSA-QW93-45R3-P66P Prototype Pollution in merge-options

All versions of merge-options are vulnerable to Prototype Pollution Recommendation Update to version 1.0.1 or greater...

Prototype Pollution in merge-options

All versions of merge-options are vulnerable to Prototype Pollution Recommendation Update to version 1.0.1 or greater...

@aftonbladet/roc-package-web-app-gaea (>=0.1.0 <=0.4.1), @bitfirer/vue-qriously (=0.0.1) +133 more potentially affected by CVE-2018-3752 via merge-options (>=0.0.42 <=1.0.0)

merge-options NPM version =0.0.42, =0.1.0, =0.1.0, =0.0.1, =1.0.0, =0.1.0, =0.3.5, =0.1.6, =1.0.0-beta.1, =2.0.0, =1.0.0, =1.1.0, =1.16.1 and more Source cves: CVE-2018-3752 Source advisory: OSV:GHSA-QW93-45R3-P66P...

CVE-2018-3752

The utilities function in all versions = 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...

CVE-2018-3752

The utilities function in all versions = 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...

Code injection

The utilities function in all versions = 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...

CVE-2018-3752

The utilities function in all versions = 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...

CVE-2018-3752

The CVE-2018-3752 entry concerns the merge-options Node.js module (versions

Prototype Pollution

merge-options is vulnerable to prototype pollution attacks. The vulnerability exists in the utility function where the prototype of Object can be overwritten to add or modify existing property on all objects...

Node.js third-party modules: Prototype pollution attack (merge-options)

As discussed in 309391, here's the separate report for each of the library. This one is the information for the merge-options library. Module: merge-options Summary: Utilities function in all the listed modules can be tricked into modifying the prototype of "Object" when the attacker control part...