Описание
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Logging Subsystem for Red Hat OpenShift | openshift-logging/kibana6-rhel8 | Will not fix | ||
| Red Hat Mobile Application Platform 4 | nodejs-lodash | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.10 | nodejs-lodash | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.11 | kibana | Will not fix | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/grafana | Not affected | ||
| Red Hat OpenShift Container Platform 3.11 | openshift3/ose-console | Not affected | ||
| Red Hat OpenShift Container Platform 3.5 | nodejs-lodash | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.6 | nodejs-lodash | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.7 | nodejs-lodash | Out of support scope | ||
| Red Hat OpenShift Container Platform 3.9 | nodejs-lodash | Out of support scope |
Показывать по
Дополнительная информация
Статус:
EPSS
5.6 Medium
CVSS3
Связанные уязвимости
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
A prototype pollution vulnerability was found in lodash <4.17.11 where ...
Уязвимость функций merge, mergeWith и defaultsDeep библиотеки Lodash, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
5.6 Medium
CVSS3