CVE-2018-3750

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-3750
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-3750.json
Aliases
Related
Published
2018-07-03T21:29:00Z
Modified
2024-05-14T06:27:09.197804Z
Summary
[none]
Details

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

References

Affected packages

Git / github.com/unclechu/node-deep-extend

Affected ranges

Type
GIT
Repo
https://github.com/unclechu/node-deep-extend
Events
Introduced
0The exact introduced commit is unknown
Last affected
adb9c495d1dccbff3e87cdae157dc856f3a05c65

Affected versions

v0.*

v0.2.10
v0.2.11
v0.2.3
v0.2.4
v0.2.5
v0.2.6
v0.2.7
v0.2.8
v0.2.9
v0.3.0
v0.3.1
v0.3.2
v0.3.3
v0.4.0
v0.4.1
v0.4.2
v0.5.0