Lucene search
AsgerfNODEJS:782HistoryFeb 13, 2019 - 4:16 p.m.
Prototype Pollution
2019-02-1316:16:53
asgerf
www.npmjs.com
87
0.001 Low
EPSS
Percentile
47.9%
Overview
Versions of lodash before 4.17.5 are vulnerable to prototype pollution.
The vulnerable functions are ‘defaultsDeep’, ‘merge’, and ‘mergeWith’ which allow a malicious user to modify the prototype of Object via {constructor: {prototype: {...}}} causing the addition or modification of an existing property that will exist on all objects.
Recommendation
Update to version 4.17.11 or later.
References
Related
ibm
ibm
prion
prion
Buffer overflow
2019-02-01 18:29:00
github
github
Prototype Pollution in lodash
2019-02-07 18:16:48
redhatcve
redhatcve
CVE-2018-16487
2019-02-01 23:49:27
hackerone
hackerone
ubuntucve
ubuntucve
CVE-2018-16487
2019-02-01 00:00:00
nvd
nvd
CVE-2018-16487
2019-02-01 18:29:00
osv
osv
CVE-2018-16487
2019-02-01 18:29:00
Prototype Pollution in lodash
2019-02-07 18:16:48
veracode
veracode
Prototype Pollution Attack
2018-11-01 08:55:31
cve
cve
CVE-2018-16487
2019-02-01 18:29:00
debiancve
debiancve
CVE-2018-16487
2019-02-01 18:29:00
cvelist
cvelist
CVE-2018-16487
2019-02-01 18:00:00
openvas
openvas
Discourse < 2.3.0.beta10 Multiple Vulnerabilities
2019-06-17 00:00:00
kitploit
kitploit