368.json
{
"id": 368,
"created_at": "2018-02-12",
"updated_at": "2018-02-12",
"title": "lodash prototype pollution",
"author": {
"name": "Olivier Arteau",
"website": null,
"username": "HoLyVieR"
},
"module_name": "lodash",
"publish_date": "2018-02-12",
"cves": [
"CVE-2018-3721"
],
"vulnerable_versions": "<4.17.5",
"patched_versions": ">=4.17.5",
"overview": "Versions of the lodash node module before 4.17.5 are vulnerable to prototype pollution through the 'defaultsDeep', 'merge', and 'mergeWith' functions. A malicious user can modify the prototype of 'Object' via __proto__, adding a new property or changing an existing one so that it appears on all objects.",
"recommendation": "Update module to 4.17.5 or higher",
"references": [
"https://hackerone.com/reports/310443"
],
"cvss_vector": "CVSS:3.0/AV:L/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:L",
"cvss_score": 2.5,
"coordinating_vendor": null
}