Lucene search
Olivier Arteau (HoLyVieR)NODEJS:577HistoryApr 24, 2018 - 2:27 p.m.
Prototype Pollution
2018-04-2414:27:02
Olivier Arteau (HoLyVieR)
www.npmjs.com
63
0.001 Low
EPSS
Percentile
46.8%
Overview
Versions of lodash before 4.17.5 are vulnerable to prototype pollution.
The vulnerable functions are ‘defaultsDeep’, ‘merge’, and ‘mergeWith’ which allow a malicious user to modify the prototype of Object via __proto__ causing the addition or modification of an existing property that will exist on all objects.
Recommendation
Update to version 4.17.5 or later.
References
Related
osv
osv
Prototype Pollution in lodash
2018-07-26 15:14:52
CVE-2018-3721
2018-06-07 02:29:08
nvd
nvd
CVE-2018-3721
2018-06-07 02:29:08
nessus
nessus
RHEL 8 : lodash (Unpatched Vulnerability)
2024-05-11 00:00:00
prion
prion
Code injection
2018-06-07 02:29:00
github
github
Prototype Pollution in lodash
2018-07-26 15:14:52
ubuntucve
ubuntucve
CVE-2018-3721
2018-06-07 00:00:00
cve
cve
CVE-2018-3721
2018-06-07 02:29:08
cvelist
cvelist
CVE-2018-3721
2018-04-26 00:00:00
debiancve
debiancve
CVE-2018-3721
2018-06-07 02:29:08
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (lodash)
2018-01-30 06:36:13
redhatcve
redhatcve
CVE-2018-3721
2018-02-15 19:19:56
veracode
veracode
Prototype Pollution
2018-02-15 05:19:49
ibm
ibm
openvas
openvas
Discourse < 2.3.0.beta10 Multiple Vulnerabilities
2019-06-17 00:00:00
redhat
redhat
kitploit
kitploit