Description

A prototype pollution vulnerability was found in just-extend <4.0.0 that allows attack to inject properties onto Object.prototype through its functions.

Remediation

References

https://hackerone.com/reports/430291

Related Vulnerabilities

CVE-2020-7961 Vulnerability in maven package com.liferay.portal:com.liferay.portal.impl

CVE-2023-36472 Vulnerability in npm package @strapi/admin

CVE-2022-45598 Vulnerability in npm package @joplin/renderer

CVE-2020-8134 Vulnerability in npm package ghost

CVE-2020-7763 Vulnerability in npm package phantom-html-to-pdf

Severity

Critical

Classification

CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory