You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Found in base branch: git-branch--m-master--git-fetch-origin-git-branch--u-origin/--git-remote-set-head-origin--a
Vulnerability Details
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Mend Note: Converted from WS-2018-0090, on 2022-11-08.
mend-bolt-for-githubbot
changed the title
CVE-2018-3749 (High) detected in deap-1.0.0.tgz
CVE-2018-3749 (Critical) detected in deap-1.0.0.tgz
Dec 7, 2023
CVE-2018-3749 - Critical Severity Vulnerability
Vulnerable Library - deap-1.0.0.tgz
extend and merge objects, deep or shallow
Library home page: https://registry.npmjs.org/deap/-/deap-1.0.0.tgz
Path to dependency file: /package.json
Path to vulnerable library: /node_modules/deap/package.json
Dependency Hierarchy:
Found in HEAD commit: dc229a9f59fdfe6153b16c2f9456017e48115716
Found in base branch: git-branch--m-master--git-fetch-origin-git-branch--u-origin/--git-remote-set-head-origin--a
Vulnerability Details
The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Mend Note: Converted from WS-2018-0090, on 2022-11-08.
Publish Date: 2018-07-03
URL: CVE-2018-3749
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: https://nodesecurity.io/advisories/611
Release Date: 2018-05-24
Fix Resolution (deap): 1.0.1
Direct dependency fix Resolution (gulp-uglify): 2.0.0
Step up your Open Source Security Game with Mend here
The text was updated successfully, but these errors were encountered: