mend-bolt-for-githubbot changed the title from "CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz" to "CVE-2018-3750 (Critical) detected in deep-extend-0.4.2.tgz" on Aug 29, 2023
mend-bolt-for-githubbot changed the title from "CVE-2018-3750 (Critical) detected in deep-extend-0.4.2.tgz" to "CVE-2018-3750 (Medium) detected in deep-extend-0.4.2.tgz" on Dec 20, 2023
mend-bolt-for-githubbot changed the title from "CVE-2018-3750 (Medium) detected in deep-extend-0.4.2.tgz" to "CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz" on Feb 28, 2024
mend-bolt-for-githubbot changed the title from "CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz" to "CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz - autoclosed" on Apr 15, 2024
✔️ This issue was automatically closed by Mend because the vulnerable library in the specific branch(es) was either marked as ignored or it is no longer part of the Mend inventory.
mend-bolt-for-githubbot changed the title from "CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz - autoclosed" to "CVE-2018-3750 (High) detected in deep-extend-0.4.2.tgz" on Jun 11, 2024
CVE-2018-3750 - High Severity Vulnerability
Vulnerable Library - deep-extend-0.4.2.tgz
Recursive object extending
Library home page: https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz
Path to dependency file: /vendor/github.com/hashicorp/vault/ui/package.json
Path to vulnerable library: /vendor/github.com/hashicorp/vault/ui/package.json
Dependency Hierarchy:
Found in HEAD commit: 9060713df80212ee5546b36d1083fb607520eb0b
Found in base branch: master
Vulnerability Details
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Publish Date: 2018-07-03
URL: CVE-2018-3750
CVSS 3 Score Details (7.3)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3750
Release Date: 2018-05-24
Fix Resolution (deep-extend): 0.5.1
Direct dependency fix Resolution (ember-cli-qunit): 4.0.1