Описание
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
Ссылки
- ExploitIssue TrackingThird Party Advisory
- ExploitIssue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.1.7 (исключая)Версия от 2.0.0 (включая) до 2.0.1 (исключая)
Одно из
cpe:2.3:a:dreamerslab:node.extend:*:*:*:*:*:node.js:*:*
cpe:2.3:a:dreamerslab:node.extend:*:*:*:*:*:node.js:*:*
EPSS
Процентиль: 63%
0.00442
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-400
CWE-74
Связанные уязвимости
CVSS3: 9.8
ubuntu
около 7 лет назад
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
CVSS3: 4.8
redhat
около 7 лет назад
A prototype pollution vulnerability was found in node.extend <1.1.7, ~<2.0.1 that allows an attacker to inject arbitrary properties onto Object.prototype.
CVSS3: 9.8
debian
около 7 лет назад
A prototype pollution vulnerability was found in node.extend <1.1.7, ~ ...
EPSS
Процентиль: 63%
0.00442
Низкий
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-400
CWE-74