The utilities function in all versions <= 0.3.0 of the merge-recursive node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
References
Link | Resource |
---|---|
https://hackerone.com/reports/311337 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2018-05-24T00:00:00
Updated: 2018-07-03T20:57:01
Reserved: 2017-12-28T00:00:00
Link: CVE-2018-3751
JSON object: View
NVD Information
Status : Analyzed
Published: 2018-07-03T21:29:00.653
Modified: 2018-09-04T17:19:58.207
Link: CVE-2018-3751
JSON object: View
Redhat Information
No data.
CWE