Описание
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 4.17.11+dfsg-4 |
| disco | not-affected | 4.17.11+dfsg-2 |
| eoan | not-affected | 4.17.11+dfsg-4 |
| esm-apps/bionic | needed | |
| esm-apps/focal | not-affected | 4.17.11+dfsg-4 |
| esm-apps/jammy | not-affected | 4.17.11+dfsg-4 |
| esm-apps/noble | not-affected | 4.17.11+dfsg-4 |
| esm-apps/xenial | needed |
Показывать по
EPSS
6.8 Medium
CVSS2
5.6 Medium
CVSS3
Связанные уязвимости
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.
A prototype pollution vulnerability was found in lodash <4.17.11 where ...
Уязвимость функций merge, mergeWith и defaultsDeep библиотеки Lodash, позволяющая нарушителю оказать воздействие на конфиденциальность, целостность и доступность защищаемой информации
EPSS
6.8 Medium
CVSS2
5.6 Medium
CVSS3