GMS-2018-17: Denial of Service and Remote Code Execution

February 15, 2018

Utilities function in defaults-deep can be tricked into modifying the prototype of “Object” when the attacker control part of the structure passed to these function. This can let an attacker add or modify existing property that will exist on all object. This can lead to denial of service or remote code execution.

References

github.com/jonschlinkert/defaults-deep/commit/c873f341327ad885ff4d0f23b3d3bca31b0343e5
hackerone.com/reports/310514

Code Behaviors & Features

Detect and mitigate GMS-2018-17 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →