Описание
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| angular.js | fixed | 1.7.9-1 | package | |
| angular.js | no-dsa | buster | package | |
| angular.js | ignored | stretch | package | |
| angular.js | not-affected | jessie | package |
Примечания
https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
EPSS
Процентиль: 55%
0.00328
Низкий
Связанные уязвимости
CVSS3: 7.5
ubuntu
около 6 лет назад
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
CVSS3: 7.5
redhat
больше 6 лет назад
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
CVSS3: 7.5
nvd
около 6 лет назад
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
EPSS
Процентиль: 55%
0.00328
Низкий