CVE-2018-3750

Опубликовано: 18 апр. 2018

Источник: redhat

CVSS3: 4.2

Описание

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 8	nodejs:10/nodejs-nodemon	Fix deferred
Red Hat Mobile Application Platform 4	nodejs-deep-extend	Not affected
Red Hat OpenShift Enterprise 3	nodejs-deep-extend	Not affected
Red Hat Software Collections	rh-nodejs10-nodejs-nodemon	Fix deferred
Red Hat Software Collections	rh-nodejs4-nodejs-deep-extend	Will not fix
Red Hat Software Collections	rh-nodejs6-nodejs-deep-extend	Will not fix
Red Hat Enterprise Linux 8	nodejs	Fixed	RHSA-2021:0549	16.02.2021
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-nodejs8-nodejs	Fixed	RHSA-2020:2625	19.06.2020
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-nodejs12-nodejs	Fixed	RHSA-2021:0485	11.02.2021
Red Hat Software Collections for Red Hat Enterprise Linux 7	rh-nodejs12-nodejs-nodemon	Fixed	RHSA-2021:0485	11.02.2021

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=1578246nodejs-deep-extend: Prototype pollution can allow attackers to modify object properties

4.2 Medium

CVSS3

Связанные уязвимости

CVE-2018-3750

CVSS3: 9.8

ubuntu

почти 7 лет назад

CVE-2018-3750

CVSS3: 9.8

nvd

почти 7 лет назад

CVE-2018-3750

CVSS3: 9.8

debian

почти 7 лет назад

The utilities function in all versions <= 0.5.0 of the deep-extend nod ...

GHSA-hr2v-3952-633q

CVSS3: 9.8

github

больше 6 лет назад

Prototype Pollution in deep-extend

RLSA-2021:0549

rocky

больше 4 лет назад

Moderate: nodejs:12 security update

4.2 Medium

CVSS3