CVE-2018-3721

Published: 15 Feb 2018
Source: redhat
CVSS3: 2.9

Description

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Report

Red Hat CloudForms version 4.7 does not ship component lodash, so isn't affected by this flaw. Red Hat Virtualization 4.2 EUS includes a vulnerable version of lodash as part of the ovirt-engine-dashboard package. This package has been removed from Red Hat Virtualization 4.3.

Affected packages

| Platform | Package | State | Recommendation | Release |
| --- | --- | --- | --- | --- |
| CloudForms Management Engine 5 | lodash-rails | Will not fix | | |
| Red Hat Mobile Application Platform 4 | nodejs-lodash | Not affected | | |
| Red Hat OpenShift Enterprise 3 | nodejs-lodash | Will not fix | | |
| Red Hat Virtualization 4 | ovirt-engine-api-explorer | Not affected | | |
| Red Hat Virtualization 4 | ovirt-engine-dashboard | Out of support scope | | |
| Red Hat Virtualization 4 | ovirt-engine-ui-extensions | Not affected | | |
| Red Hat Quay 3 | quay/quay-rhel8 | Fixed | RHSA-2021:3917 | 19.10.2021 |

Additional information

Status: Low
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1545884 lodash: Prototype pollution in utilities function

CVSS3: 2.9 Low

Related vulnerabilities

CVSS3: 6.5
ubuntu
more than 7 years ago

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS3: 6.5
nvd
more than 7 years ago

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS3: 6.5
debian
more than 7 years ago

lodash node module before 4.17.5 suffers from a Modification of Assume ...

CVSS3: 6.5
github
more than 7 years ago

Prototype Pollution in lodash
