PT-2019-9311 · Npm · Just-Extend

Asgerf · Published 2019-02-01 · Updated 2019-10-09 · CVE-2018-16489

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: just-extend versions prior to 4.0.0
Description: A prototype pollution issue allows an attacker to inject properties onto Object.prototype through the package's functions, potentially adding or modifying properties of the Object prototype. These properties will then be present on all objects.
Recommendations: Update to version 4.0.0 or later.

Exploit

Fix

Special Elements Injection

Prototype Pollution

Resource Exhaustion


Weakness Enumeration

Related Identifiers

CVE-2018-16489
GHSA-675M-85RW-J3W4

Affected Products

Just-Extend