PT-2019-12040 · Google+1 · Angularjs+1

Pierre Villard · Published 2019-11-19 · Updated 2025-11-20 · CVE-2019-10768

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions

AngularJS versions prior to 1.7.9

Description

The issue concerns the merge() function, which can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload. This may allow an attacker to add or modify an existing property that will exist on all objects. The problem arises because the deprecated API function merge() does not restrict the modification of an Object's prototype.

Recommendations

For versions prior to 1.7.9, upgrade to version 1.7.9 or later.
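
The behaviour described above, shown with a simplified recursive merge next to a hardened one. This is an added example, not AngularJS source code: `unsafeMerge`, `safeMerge`, `BLOCKED_KEYS` and the JSON payload are constructed for illustration, and blocking `constructor` and `prototype` in addition to `__proto__` is a generalization beyond what the advisory states.

```javascript
// Added illustration: simplified recursive merges, not AngularJS source code.
const isPlainObject = (v) => v !== null && typeof v === 'object' && !Array.isArray(v);

// Unsafe: walks every own key of src, including an own "__proto__" key (JSON.parse
// creates one). dst["__proto__"] resolves to Object.prototype, so recursion writes to it.
function unsafeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    const val = src[key];
    if (isPlainObject(val)) {
      if (!isPlainObject(dst[key])) dst[key] = {};
      unsafeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Hardened: skip prototype-reaching keys and only recurse into own properties.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = src[key];
    if (isPlainObject(val)) {
      const own = Object.prototype.hasOwnProperty.call(dst, key);
      if (!own || !isPlainObject(dst[key])) dst[key] = {};
      safeMerge(dst[key], val);
    } else {
      dst[key] = val;
    }
  }
  return dst;
}

// Constructed input: untrusted JSON carrying a "__proto__" key.
function demo() {
  const payload = JSON.parse('{"theme":{"dark":true},"__proto__":{"isAdmin":true}}');
  const out = {};
  try {
    unsafeMerge({}, payload);
    out.unsafePolluted = ({}).isAdmin === true;   // unrelated object is affected
  } finally {
    delete Object.prototype.isAdmin;              // undo the pollution
  }
  out.safeMerged = safeMerge({}, payload);
  out.safePolluted = ({}).isAdmin === true;
  return out;
}
```
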

Exploit

Fix

Prototype Pollution

RCE


Weakness Enumeration

Related identifiers

CVE-2019-10768
GHSA-89MQ-4X47-5V83
RHSA-2022:8849
RHSA-2022:8866
RHSA-2023:0274
SNYK-JS-ANGULAR-534884

Affected products

Angularjs
Debian