Description
CVE-2018-3750 - High Severity Vulnerability
Vulnerable Library - deep-extend-0.4.2.tgz
Recursive object extending
path: /OSWaldito/node_modules/deep-extend/package.json
Library home page: https://registry.npmjs.org/deep-extend/-/deep-extend-0.4.2.tgz
Dependency Hierarchy:
- ❌ deep-extend-0.4.2.tgz (Vulnerable Library)
Vulnerability Details
The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
Publish Date: 2018-07-03
URL: CVE-2018-3750
CVSS 3 Score Details (9.8)
Base Score Metrics:
- Exploitability Metrics:
- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: None
- User Interaction: None
- Scope: Unchanged
- Impact Metrics:
- Confidentiality Impact: High
- Integrity Impact: High
- Availability Impact: High
Suggested Fix
Type: Change files
Origin: RetireJS/retire.js@6a71696
Release Date: 2018-05-09
Fix Resolution: Replace or update the following file: npmrepository.json
Step up your Open Source Security Game with WhiteSource here
Activity