1. Home
  2. Vulnerabilities
  3. CVE-2018-3750

CVE-2018-3750

CVSS v3.0 9.8 (Critical)
98% Progress
CVSS v2.0 7.5 (High)
75% Progress
EPSS 0.31 % (70th)
0.31% Progress
Affected Products 1
Advisories 5
Info CVSS EPSS CAPEC Affected Configurations References Security Advisories Packages & Software OVAL Tools, Exploits & PoC Graph Web & Social Timeline

The utilities function in all versions <= 0.5.0 of the deep-extend node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
HackerOne
Published Date
2018-07-03 21:29:00
(6 years ago)
Updated Date
2018-08-23 13:12:28
(6 years ago)

Affected Products

Deep Extend Project

Configuration #1

    CPE23 From Up To
  Deep Extend Project Deep Extend for Node.js 0.5.0 and prior versions cpe:2.3:a:deep_extend_project:deep_extend::*:*:*:*:node.js <= 0.5.0