WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3752 Vulnerability in npm package merge-options

Description

The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Remediation

References

https://hackerone.com/reports/311336

Related Vulnerabilities

CVE-2022-31367 Vulnerability in npm package strapi

CVE-2023-3635 Vulnerability in maven package com.squareup.okio:okio

CVE-2021-32622 Vulnerability in npm package matrix-react-sdk

CVE-2020-15256 Vulnerability in maven package org.webjars.npm:object-path

CVE-2020-26226 Vulnerability in npm package semantic-release

Severity

Critical

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory