
CVE-2018-3721

Published: 07/06/2018 Updated: 16/02/2024
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 6.5 | Impact Score: 3.6 | Exploitability Score: 2.8
VMScore: 357
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

Vulnerability Summary

lodash node module prior to 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Vulnerable Product

lodash lodash

netapp active iq unified manager -

netapp system manager 9.0

Vendor Advisories

Debian Bug report logs - #890575 node-lodash: CVE-2018-3721: Prototype pollution in utilities function. Package: src:node-lodash; Maintainer for src:node-lodash is Debian Javascript Maintainers <pkg-javascript-devel@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Fri, 16 Feb 2018 0 ...
lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects ...

Github Repositories

FutoIn Core JS Invoker Reference Implementation

Stability: 3 - Stable. FutoIn Invoker is request initiating part in FutoIn microservice concept. It invokes a FutoIn interface method as described in FTN3: FutoIn Interface Definition. Invoker is not necessarily a client - e.g. server may initiate request for callback to client. Unlike HTTP REST API, FutoIn perfectly fits for "all-

SnykCon-CTF-2021. Category: Web. Name: Invisible Ink. Level: None. Description: None. Solution overview: the challenge provided us a request and response and a POST method. I used the curl command with the POST method and seems nothing =)))) Now I read the index.js file: 'use strict'; const fs = require('fs'); const express = require('express'); const app = expres

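Node.js Security Best Practices (Japanese translation)

Node.js Security Best Practices (Japanese translation). [Original] nodejs.org/en/guides/security. Purpose: This document aims to extend the current threat model and provide extensive guidelines on how to secure Node.js applications. Contents of this document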