GHSA-89mq-4x47-5v83
Suggest an improvement- Source
- https://github.com/advisories/GHSA-89mq-4x47-5v83
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2019/11/GHSA-89mq-4x47-5v83/GHSA-89mq-4x47-5v83.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-89mq-4x47-5v83
- Aliases
- Published
- 2019-11-20T15:29:43Z
- Modified
- 2025-01-14T07:14:37.017888Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- Prototype Pollution in angular
- Details
-
Versions of
angularprior to 1.7.9 are vulnerable to prototype pollution. The deprecated API functionmerge()does not restrict the modification of an Object's prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.Recommendation
Upgrade to version 1.7.9 or later. The function was already deprecated and upgrades are not expected to break functionality.
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2019-11-20T00:51:05Z", "cwe_ids": [ "CWE-1321", "CWE-20", "CWE-915" ], "nvd_published_at": "2019-11-19T21:15:00Z", "severity": "HIGH" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-10768
- https://github.com/angular/angular.js/pull/16913
- https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
- https://github.com/angular/angular.js
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
- https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
- https://www.npmjs.com/advisories/1343
Affected packages
npm / angular
Package
- Name
- angular
- View open source insights on deps.dev
- Purl
- pkg:npm/angular