Lucene search
Veracode Vulnerability DatabaseVERACODE:7167HistoryJul 26, 2018 - 2:27 a.m.
Prototype Pollution
2018-07-2602:27:50
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
EPSS
0.004
Percentile
73.4%
node-extend is vulnerable to prototype pollution. The merging of the __proto__ property is not prevented and the Utilities function can be tricked into modifying the prototype of “Object” when the structure passed to these function is controlled by an attacker. This would allow adding or modifying existing properties that exist on all objects.
Related
cve
cve
CVE-2018-16492
2019-02-01 18:29:01
redhatcve
redhatcve
CVE-2018-16492
2019-02-04 20:50:30
prion
prion
Buffer overflow
2019-02-01 18:29:00
cvelist
cvelist
CVE-2018-16492
2019-02-01 18:00:00
ubuntucve
ubuntucve
CVE-2018-16492
2019-02-01 00:00:00
debiancve
debiancve
CVE-2018-16492
2019-02-01 18:29:01
github
github
Prototype Pollution in extend
2019-02-07 18:03:28
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack (extend)
2018-07-13 10:04:52
osv
osv
Prototype Pollution in extend
2019-02-07 18:03:28
nvd
nvd
CVE-2018-16492
2019-02-01 18:29:01
ibm
ibm
redhat
redhat