utilitify prior to 1.0.3 allows modification of object properties. The merge method could be tricked into adding or modifying properties of the Object.prototype.
References
Link | Resource |
---|---|
https://github.com/xcritical-software/utilitify/commit/88d6e27009823338bf319ffb768fe6b08e8ad2d1%2C | |
https://snyk.io/vuln/SNYK-JS-UTILITIFY-559497 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: snyk
Published: 2020-03-11T22:05:07
Updated: 2020-03-11T22:05:07
Reserved: 2019-04-03T00:00:00
Link: CVE-2019-10808
JSON object: View
NVD Information
Status : Modified
Published: 2020-03-11T23:15:11.467
Modified: 2023-11-07T03:02:34.277
Link: CVE-2019-10808
JSON object: View
Redhat Information
No data.
CWE