CVE-2019-10806

Опубликовано: 09 мар. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

Ссылки

https://github.com/vega/vega/commit/8f33a0b5170d7de4f12fc248ec0901234342367b
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-VEGAUTIL-559223
Exploit
Third Party Advisory
https://github.com/vega/vega/commit/8f33a0b5170d7de4f12fc248ec0901234342367b
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-VEGAUTIL-559223
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:vega_project:vega:*:*:*:*:*:*:*:*

Версия до 1.13.1 (исключая)

EPSS

Процентиль: 55%

0.00329

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

CVE-2019-10806

CVSS3: 4.3

redhat

почти 6 лет назад

vega-util prior to 1.13.1 allows manipulation of object prototype. The 'vega.mergeConfig' method within vega-util could be tricked into adding or modifying properties of the Object.prototype.

GHSA-6hwh-rqwf-cxxr

CVSS3: 4.3

github

больше 4 лет назад

Improperly Controlled Modification of Dynamically-Determined Object Attributes in vega-util

EPSS

Процентиль: 55%

0.00329

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-1321