CVE-2018-16491

Опубликовано: 01 фев. 2019

Источник: debian

EPSS Низкий

Описание

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
node-extend	fixed	3.0.2-1		package

Примечания

https://hackerone.com/reports/430831
nodejs not covered by security support

EPSS

Процентиль: 59%

0.00384

Низкий

Связанные уязвимости

CVE-2018-16491

CVSS3: 9.8

ubuntu

около 7 лет назад

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

CVE-2018-16491

CVSS3: 4.8

redhat

около 7 лет назад

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

CVE-2018-16491

CVSS3: 9.8

nvd

около 7 лет назад

A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.

GHSA-r96c-57pf-9jjm

CVSS3: 9.8

github

около 7 лет назад

Prototype Pollution in node.extend

EPSS

Процентиль: 59%

0.00384

Низкий