PT-2018-3979 · Node.Js · Extend

Asgerf · Published 2018-04-24 · Updated 2019-10-09 · CVE-2018-16492

CVSS v2.0: 10 (Critical)

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions

extend versions prior to 2.0.2
extend versions prior to 3.0.2

Description

A prototype pollution issue allows an attacker to inject arbitrary properties onto Object.prototype. This can be exploited by a remote attacker to add or modify properties of the object prototype, potentially affecting all objects. The extend module's extend() function is vulnerable, enabling attackers to modify the Object prototype.

Recommendations

For extend version 2.x, upgrade to 2.0.2 or later. For extend version 3.x, upgrade to 3.0.2 or later.
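
To check a project against the recommendation above, the following added example (not part of the original advisory or the extend project) walks the `packages` map of an npm `package-lock.json` (lockfileVersion 2 or 3) and classifies every installed copy of extend against the fixed releases 2.0.2 and 3.0.2. The function names and the sample lockfile, including the `example-lib` dependency, are constructed for illustration.

```javascript
// Added example: flag installed copies of "extend" older than the fixed
// releases named in this advisory (2.0.2 for 2.x, 3.0.2 for 3.x).

// Parse an exact "major.minor.patch" string. Ranges, tags and URLs return
// null so the caller reports them as "unknown" instead of guessing.
function parseVersion(v) {
  const m = /^(\d+)\.(\d+)\.(\d+)$/.exec(String(v).trim());
  return m ? m.slice(1).map(Number) : null;
}

// True when version triple a sorts strictly before triple b.
function lessThan(a, b) {
  for (let i = 0; i < 3; i++) {
    if (a[i] !== b[i]) return a[i] < b[i];
  }
  return false;
}

// Returns "affected", "fixed" or "unknown" for one extend version string.
function classifyExtend(version) {
  const v = parseVersion(version);
  if (!v) return "unknown";
  // 3.x line is fixed in 3.0.2; everything below 3.0.0 is fixed in 2.0.2.
  const fixedIn = v[0] >= 3 ? [3, 0, 2] : [2, 0, 2];
  return lessThan(v, fixedIn) ? "affected" : "fixed";
}

// Collect every top-level or nested copy of extend from a parsed lockfile.
function auditLock(lock) {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (path === "node_modules/extend" || path.endsWith("/node_modules/extend")) {
      findings.push({ path, version: meta.version, status: classifyExtend(meta.version) });
    }
  }
  return findings;
}

// Constructed sample lockfile: one fixed top-level copy, one nested old copy.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-app", version: "1.0.0" },
    "node_modules/extend": { version: "3.0.2" },
    "node_modules/example-lib": { version: "1.4.0" },
    "node_modules/example-lib/node_modules/extend": { version: "2.0.1" },
  },
};

console.log(auditLock(sampleLock));
```

Nested copies matter here: a transitive dependency can pin an affected extend release even when the top-level copy is already upgraded.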

Exploit

Fix

Special Elements Injection

Resource Exhaustion


Weakness Enumeration

Related Identifiers

BDU:2024-01410
CVE-2018-16492
GHSA-QRMC-FJ45-QFC2

Affected Products

Extend