CVE-2018-3719

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions mixin-deep versions prior to 1.3.1

Description The issue allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects. This is achieved through prototype pollution via merging functions.

Recommendations Update to version 1.3.1 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-471CWE-20

Related Identifiers

CVE-2018-3719

GHSA-3MPR-HQ3P-49H9

Affected Products

Mixin-Deep

CVE-2018-3719

Weakness Enumeration

Related Identifiers

Affected Products

References · 13