RSS   Vulnerabilities for 'Merge-deep'   RSS

2018-06-06
 
CVE-2018-3722

CWE-noinfo
 

 
merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

 


Copyright 2024, cxsecurity.com

 

Back to Top