CVE-2018-16487

Published: 01/02/2019 Updated: 18/09/2020
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.6 | Impact Score: 3.4 | Exploitability Score: 2.2
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Vulnerable Product

lodash lodash

Github Repositories

Prototype Pollution in JavaScript

Prototype Pollution is a vulnerability affecting JavaScript. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. JavaScript allows all Object attributes to be altered, including their magical attributes such as __proto__, constructor and prototype. An attacker m

NodeJS API/CLI for LEDENET UFO WiFi RGBW controllers.

lufo: These NodeJS modules provide an API and CLI for controlling WiFi RGBW controllers made by LEDENET. Documentation: API, CLI. Unimplemented Features: The following features from the mobile app are not implemented and are unlikely to be implemented in the future: Remote access and device naming (these are cloud features; this module is intended to be used in closed/controlled

Convert a preformatted CSV file to multiple valid localization files

Archive project with security advisory in dependencies. This project has not been used for a long time and is not currently maintained. There are 2 security issues in dependencies: csv-parse (CVE-2019-17592) and lodash (CVE-2019-1010266, CVE-2019-10744, CVE-2018-16487). CsvToL10nJson: Convert a preformatted CSV file to multiple valid localization files. This module converts a single CSV file

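Node.js Security Best Practices (Japanese translation)

Nodejs Security Best Practices (Japanese translation). [Original] nodejsorg/en/guides/security. Purpose: This document aims to extend the current threat model and provide extensive guidelines on how to secure Nodejs applications. Contents of this document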
