276 matches found
UBUNTU-CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3750
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
Code injection
The utilities function in all versions = 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
Design/Logic Flaw
The public node module versions = 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
Code injection
The utilities function in all versions = 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all object...
CVE-2018-3749
The utilities function in all versions 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...
Cross site scripting
There is a Stored XSS vulnerability in the glance node module versions element allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name...
CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions element allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name...
CVE-2018-3751
The utilities function in all versions = 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3748
There is a Stored XSS vulnerability in the glance node module versions element allows to execute JavaScript code against any user who opens a directory listing containing such crafted file name...
CVE-2018-3747
CVE-2018-3747 concerns the public Node.js module (versions
CVE-2018-3750
CVE-2018-3750 - mode C (concrete details provided) Affected software: the deep-extend Node.js module, specifically all versions
CVE-2018-3753
The utilities function in all versions = 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all...
CVE-2018-3747
The public node module versions = 1.0.3 allows to embed HTML in file names, which in certain conditions might lead to execute malicious JavaScript...
CVE-2018-3748
The CVE concerns the Node.js module glance with a stored XSS vulnerability due to unsanitized file names served by its static directory. Connected sources show affected versions include glance
CVE-2018-3751
The CVE-2018-3751 cases document a Prototype Pollution flaw in the Node.js module merge-recursive (versions
CVE-2018-3752
The CVE-2018-3752 entry concerns the merge-options Node.js module (versions
CVE-2018-3749
CVE-2018-3749 affects the deap Node.js module: the utilities function can be abused to perform prototype pollution by modifying Object’s prototype when an attacker controls part of the input structure. This affects all versions
CVE-2018-3753
The CVE-2018-3753 issue affects the merge-objects module (versions
CVE-2018-3749
The utilities function in all versions 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects...