PT-2018-16171 · Npm+4 · Deep-Extend+4

Holyvier

Published

2018-07-03

Updated

2021-02-16

CVE-2018-3750

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions deep-extend versions <= 0.5.0

Description The issue allows an attacker to modify the prototype of Object when they can control part of the structure passed to the utilities function. This can enable an attacker to add or modify existing properties that will exist on all objects.

Recommendations Update to version 0.5.1 or later.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:0549

CESA-2021_0549

CVE-2018-3750

GHSA-HR2V-3952-633Q

RHSA-2020:2625

RHSA-2021:0485

RHSA-2021:0549

RHSA-2021_0549

RLSA-2021:0549

Affected Products

Almalinux

Centos

Red Hat

Rocky Linux

Deep-Extend

PT-2018-16171 · Npm+4 · Deep-Extend+4

CVE-2018-3750

Weakness Enumeration

Related Identifiers

Affected Products

References · 32