37 matches found
Linux Distros Unpatched Vulnerability : CVE-2018-3721
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, whic...
Linux Distros Unpatched Vulnerability : CVE-2018-16487
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying...
Security Bulletin: CVE-2020-8203
Summary Node.js lodash module is vulnerable to a denial of service, caused by a prototype pollution attack. A remote attacker could exploit this vulnerability using the merge, mergeWith, and defaultsDeep functions to inject properties onto Object.prototype to crash the server and possibly execute...
Prototype Pollution in lodash.mergewith
Versions of lodash.mergewith before 4.6.2 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects...
@alyzenpublic/craco (>=3.2.3-dev <=3.2.3-dev2), @amory/core (>=2018.8.29-1 <=2018.8.31-0) +153 more potentially affected by unknown CVE via lodash.mergewith (>=4.0.3 <=4.6.1)
lodash.mergewith NPM version =4.0.3, =3.2.3-dev, =2018.8.29-1, =2018.8.29-0, =2018.8.31-0, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =1.10.0, =1.10.1, =1.0.0, =1.0.0, =1.0.0, =5.0.0, =5.2.8, =6.2.0 and more Source cves: unknown CVE Source advisory:...
GHSA-779F-WGXG-QR8F Prototype Pollution in lodash.mergewith
Versions of lodash.mergewith before 4.6.2 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects...
GHSA-5947-M4FG-XHQG Prototype Pollution in lodash.mergewith
Versions of lodash.mergewith before 4.6.1 are vulnerable to Prototype Pollution. The function 'mergeWith' may allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects. Recommendation Update to...
Prototype Pollution in lodash.defaultsdeep
Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects...
GHSA-H5MP-5Q4P-GGF5 Prototype Pollution in lodash.defaultsdeep
Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects...
Node.js third-party modules: Prototype pollution attack (lodash)
I would like to report a prototype pollution vulnerability in lodash. It allows an attacker to inject properties on Object.prototype Module module name: lodash version: 4.17.15 npm page: https://www.npmjs.com/package/lodash Module Description The Lodash library exported as Node.js modules. Module...
Prototype Pollution
Overview Versions of lodash.defaultsdeep before 4.6.1 are vulnerable to prototype pollution. The function mergeWith may allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all...
GHSA-4XC9-XHRJ-V574 Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing propert...
Prototype Pollution in lodash
Versions of lodash before 4.17.11 are vulnerable to prototype pollution. The vulnerable functions are 'defaultsDeep', 'merge', and 'mergeWith' which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing propert...
CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
DEBIAN-CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
UBUNTU-CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
CVE-2018-16487
A prototype pollution vulnerability was found in lodash 4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype...
PT-2018-3812
Name of the Vulnerable Software and Affected Versions lodash versions prior to 4.17.11 Description A prototype pollution issue was discovered in the merge, mergeWith, and defaultsDeep functions of the lodash library. This issue can be exploited to add or modify properties of Object.prototype. The...
@alyzenpublic/craco (>=3.2.3-dev <=3.2.3-dev2), @amory/core (>=2018.8.29-1 <=2018.8.31-0) +153 more potentially affected by CVE-2018-16487 +1 more via lodash.mergewith (>=4.0.3 <=4.6.1)
lodash.mergewith NPM version =4.0.3, =3.2.3-dev, =2018.8.29-1, =2018.8.29-0, =2018.8.31-0, =0.1.0-18, =0.5.1-atomist-update-latest-1540938130032.20181101043939, =1.0.0, =1.10.0, =1.10.1, =1.0.0, =1.0.0, =1.0.0, =5.0.0, =5.2.8, =6.2.0 and more Source cves: CVE-2018-16487, CVE-2018-3721 Source...