The merge-deep library before 3.0.3 for Node.js can be tricked into overwriting properties of Object.prototype or adding new properties to it. These properties are then inherited by every object in the program, thus facilitating prototype-pollution attacks against applications using this library.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMerge Deep Project Merge Deep
APPMerge-Deep Project< 3.0.3Netapp E Series Performance Analyzer
APPNetappwszystkie wersje
Powiązane podatności
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory co...
In the Linux kernel before 5.1.17, ptrace_link in kernel/ptrace.c mishandles the recording of the credentials ...
An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when pr...
A flaw was found in glibc. An off-by-one buffer overflow and underflow in getcwd() may lead to memory corrupti...
Grafana is an open-source platform for monitoring and observability. Versions on the 8.x and 9.x branch prior ...