CVE-2018-16487

Опубликовано: 01 фев. 2019

Источник: nvd

CVSS3: 5.6

CVSS2: 6.8

EPSS Низкий

Описание

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Ссылки

https://hackerone.com/reports/380873
Exploit
Issue Tracking
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190919-0004/
Third Party Advisory
https://hackerone.com/reports/380873
Exploit
Issue Tracking
Third Party Advisory
https://security.netapp.com/advisory/ntap-20190919-0004/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:lodash:lodash:*:*:*:*:*:node.js:*:*

Версия до 4.17.11 (исключая)

EPSS

Процентиль: 60%

0.00403

Низкий

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-400

NVD-CWE-noinfo

Связанные уязвимости

CVE-2018-16487

CVSS3: 5.6

ubuntu

около 7 лет назад

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

CVE-2018-16487

CVSS3: 5.6

redhat

больше 7 лет назад

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

CVE-2018-16487

CVSS3: 5.6

debian

около 7 лет назад

A prototype pollution vulnerability was found in lodash <4.17.11 where ...

GHSA-4xc9-xhrj-v574

github

около 7 лет назад

Prototype Pollution in lodash

BDU:2022-05423

CVSS3: 5.6

fstec

больше 7 лет назад

Уязвимость функций merge, mergeWith и defaultsDeep библиотеки Lodash, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации

EPSS

Процентиль: 60%

0.00403

Низкий

5.6 Medium

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-400

NVD-CWE-noinfo