CVE-2018-16492: Prototype Pollution in extend
(updated )
Versions of extend prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The extend() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.
References
- github.com/advisories/GHSA-qrmc-fj45-qfc2
- github.com/github/advisory-database/pull/6695
- github.com/justmoon/node-extend
- github.com/justmoon/node-extend/commit/0e68e71d93507fcc391e398bc84abd0666b28190
- github.com/justmoon/node-extend/pull/48
- hackerone.com/reports/381185
- nvd.nist.gov/vuln/detail/CVE-2018-16492
Code Behaviors & Features
Detect and mitigate CVE-2018-16492 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →