Описание
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | not-affected | 0.4.1-3 |
| disco | ignored | end of life |
| eoan | not-affected | 0.4.1-3 |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | not-affected | 0.4.1-3 |
| esm-apps/jammy | not-affected | 0.4.1-3 |
| esm-apps/noble | not-affected | 0.4.1-3 |
Показывать по
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
The utilities function in all versions <= 0.5.0 of the deep-extend nod ...
EPSS
7.5 High
CVSS2
9.8 Critical
CVSS3