PT-2018-16145 · Lodash · Lodash

Holyvier · Published 2018-06-07 · Updated 2024-02-16 · CVE-2018-3721

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

lodash versions prior to 4.17.5

Description

The issue allows a malicious user to modify the prototype of Object via __proto__, causing the addition or modification of an existing property that will exist on all objects. This is achieved through the defaultsDeep, merge, and mergeWith functions.

Recommendations

Update to version 4.17.5 or later. As a temporary workaround, consider avoiding the use of the defaultsDeep, merge, and mergeWith functions until a patch is applied. Restrict access to these functions to minimize the risk of exploitation.
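
The mechanism in the description, shown as an added example that is not lodash's source and not part of the original advisory: a simplified recursive merge that follows a `__proto__` key, beside a hardened merge that drops it. The function names, the key denylist and the JSON input are constructed for illustration.

```javascript
// Added example: helper names and sample input are hypothetical, not lodash code.
const UNSAFE_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
const isObj = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Simplified stand-in for an unpatched recursive merge (not lodash's source).
function naiveMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (isObj(source[key]) && isObj(target[key])) {
      // For key "__proto__", target[key] resolves to Object.prototype.
      naiveMerge(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened merge: drops prototype-reaching keys and only recurses into
// properties the target itself owns.
function safeMerge(target, source) {
  for (const key of Object.keys(source)) {
    if (UNSAFE_KEYS.has(key)) continue;
    const value = source[key];
    if (isObj(value)) {
      const own = Object.prototype.hasOwnProperty.call(target, key);
      if (!own || !isObj(target[key])) target[key] = {};
      safeMerge(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Merges constructed untrusted JSON into defaults and reports whether a
// brand-new object inherited the injected property.
function demo(mergeFn) {
  const untrusted = JSON.parse(
    '{"theme":{"dark":true},"__proto__":{"isAdmin":true}}' // constructed input
  );
  const merged = mergeFn({ theme: { font: 'mono' } }, untrusted);
  const polluted = ({}).isAdmin === true;
  delete Object.prototype.isAdmin; // undo the side effect of the naive run
  return { merged, polluted };
}

console.log('naive:', demo(naiveMerge).polluted, 'hardened:', demo(safeMerge).polluted);
```

The denylist also discards legitimate data stored under keys named `constructor` or `prototype`; where that matters, merging into objects created with `Object.create(null)` is an alternative.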

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

AZL-45420
CVE-2018-3721
GHSA-FVQR-27WR-82FM

Affected Products

Lodash