You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
CVE-2018-3750 - High Severity Vulnerability
Vulnerable Library - deep-extend-0.2.11.tgz
Recursive object extending.
Library home page: https://registry.npmjs.org/deep-extend/-/deep-extend-0.2.11.tgz
Path to dependency file: atanas.info/package.json
Path to vulnerable library: atanas.info/node_modules/deep-extend/package.json
Dependency Hierarchy:
Found in HEAD commit: 90f20cfeb37da4a8dd328017712fc05509250560
Vulnerability Details
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Publish Date: 2018-07-03
URL: CVE-2018-3750
CVSS 3 Score Details (9.8)
Base Score Metrics:
Suggested Fix
Type: Upgrade version
Origin: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3750
Release Date: 2019-01-24
Fix Resolution: 0.5.1
Step up your Open Source Security Game with WhiteSource here
The text was updated successfully, but these errors were encountered: