CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

6 matches found

Github Security Blog•added 2024/06/17 3:30 p.m.•13 views

object-deep-assign Prototype Pollution

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS6.8AI score0.00193EPSS

Exploits0References3Affected Software1

NVD•added 2024/06/17 3:15 p.m.•14 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

9.8CVSS0.00193EPSS

Exploits0References1

GitLab Advisory Database•added 2024/06/17 12:0 a.m.•14 views

object-deep-assign Prototype Pollution

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

6.7AI score0.00193EPSS

Exploits0References4Affected Software1

Vulnrichment•added 2024/06/17 12:0 a.m.•14 views

CVE-2024-36582

alexbinary object-deep-assign 1.0.11 is vulnerable to Prototype Pollution via the extend method of Module.deepAssign /src/index.js...

7.1AI score0.00193EPSS

Exploits0References1

CVE•added 2024/06/17 12:0 a.m.•43 views

CVE-2024-36582

The CVE-2024-36582 entry affects alexbinary object-deep-assign version 1.0.11 and is caused by a lack of prototype checks in extend within Module.deepAssign (/src/index.js), enabling Prototype Pollution via special properties (e.g., proto ). Multiple sources (Veracode, GitHub advisory GHSA-4XG3-7...

9.8CVSS6.5AI score0.00193EPSS

Exploits0References1