CVE-2018-3752

Published: Jul 3, 2018

Modified: Sep 16, 2024

PUBLISHED

Description

The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://hackerone.com/reports/311336

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2018-3752

Description

Affected Products

References