CVE-2018-3720

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions assign-deep versions prior to 0.4.7

Description The issue allows a malicious user to modify the prototype of Object via proto, causing the addition or modification of an existing property that will exist on all objects. This is achieved through prototype pollution via merging functions.

Recommendations Update to version 0.4.7 or later.

Exploit

Fix

Prototype Pollution

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-471

Related Identifiers

CVE-2018-3720

GHSA-XCVV-84J5-JW9H

Affected Products

Assign-Deep

CVE-2018-3720

Weakness Enumeration

Related Identifiers

Affected Products

References · 7