Lucene search
GoogleOSV:GHSA-QRMC-FJ45-QFC2HistoryFeb 07, 2019 - 6:03 p.m.
Prototype Pollution in extend
2019-02-0718:03:28
Google
osv.dev
8
0.004 Low
EPSS
Percentile
73.5%
Versions of extend prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The extend() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
Recommendation
If you’re using extend 3.x upgrade to 3.0.2 or later.
If you’re using extend 2.x upgrade to 2.0.2 or later.
Related
redhatcve
redhatcve
CVE-2018-16492
2019-02-04 20:50:30
prion
prion
Buffer overflow
2019-02-01 18:29:00
cvelist
cvelist
CVE-2018-16492
2019-02-01 18:00:00
cve
cve
CVE-2018-16492
2019-02-01 18:29:01
ubuntucve
ubuntucve
CVE-2018-16492
2019-02-01 00:00:00
debiancve
debiancve
CVE-2018-16492
2019-02-01 18:29:01
github
github
Prototype Pollution in extend
2019-02-07 18:03:28
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (extend)
2018-07-13 10:04:52
veracode
veracode
Prototype Pollution
2018-07-26 02:27:50
nvd
nvd
CVE-2018-16492
2019-02-01 18:29:01
ibm
ibm
redhat
redhat