CVE-2018-3750

Published: 18 Apr 2018
Source: redhat
CVSS3: 4.2
EPSS: Low

Description

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 8 | nodejs:10/nodejs-nodemon | Fix deferred | | |
| Red Hat Mobile Application Platform 4 | nodejs-deep-extend | Not affected | | |
| Red Hat OpenShift Enterprise 3 | nodejs-deep-extend | Not affected | | |
| Red Hat Software Collections | rh-nodejs10-nodejs-nodemon | Fix deferred | | |
| Red Hat Software Collections | rh-nodejs4-nodejs-deep-extend | Will not fix | | |
| Red Hat Software Collections | rh-nodejs6-nodejs-deep-extend | Will not fix | | |
| Red Hat Enterprise Linux 8 | nodejs | Fixed | RHSA-2021:0549 | 16.02.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs8-nodejs | Fixed | RHSA-2020:2625 | 19.06.2020 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs12-nodejs | Fixed | RHSA-2021:0485 | 11.02.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-nodejs12-nodejs-nodemon | Fixed | RHSA-2021:0485 | 11.02.2021 |

Additional information

Status: Low
Defect: CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1578246 (nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties)

EPSS: 0.00405 (Low), percentile: 60%

CVSS3: 4.2 Medium

Related vulnerabilities

CVSS3: 9.8
ubuntu
about 7 years ago

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

CVSS3: 9.8
nvd
about 7 years ago

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

CVSS3: 9.8
debian
about 7 years ago

The utilities function in all versions <= 0.5.0 of the deep-extend nod ...

CVSS3: 9.8
github
almost 7 years ago

Prototype Pollution in deep-extend

rocky
more than 4 years ago

Moderate: nodejs:12 security update
