Prototype Pollution

🗓️ 21 Feb 2018 02:28:52Reported by Veracode Vulnerability DatabaseType

veracode🔗 sca.analysiscenter.veracode.com👁 9 Views

Prototype Pollution vulnerability in defaults-deep utility function can lead to DoS and RCE attack

Reporter	Title	Published	Views	Family All 9
Node.js	Prototype Pollution	24 Apr 201814:37	–	nodejs
Github Security Blog	Prototype Pollution in defaults-deep	26 Jul 201815:18	–	github
OSV	CVE-2018-3723	7 Jun 201802:29	–	osv
OSV	Prototype Pollution in defaults-deep	26 Jul 201815:18	–	osv
NVD	CVE-2018-3723	7 Jun 201802:29	–	nvd
Cvelist	CVE-2018-3723	7 Jun 201802:00	–	cvelist
Hacker One	Node.js third-party modules: Prototype pollution attack (defaults-deep)	30 Jan 201815:14	–	hackerone
CVE	CVE-2018-3723	7 Jun 201802:29	–	cve
Prion	Code injection	7 Jun 201802:29	–	prion

Vulners

Node

defaults-deep_project defaults-deepRange≤0.2.3node.js

Source	Link
hackerone	www.hackerone.com/reports/310514
github	www.github.com/jonschlinkert/defaults-deep/commit/c873f341327ad885ff4d0f23b3d3bca31b0343e5

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

21 Feb 2018 02:52Current

9High risk

Vulners AI Score9

EPSS0.00401