Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES SCA (Software Composition Analysis)

CVE-2018-3753 Vulnerability in npm package merge-objects

Description

The utilities function in all versions <= 1.0.0 of the merge-objects node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Remediation

References

https://hackerone.com/reports/310706

Related Vulnerabilities

CVE-2023-24807 Vulnerability in maven package org.webjars.npm:undici

CVE-2022-25760 Vulnerability in npm package accesslog

CVE-2021-27515 Vulnerability in maven package org.webjars.npm:url-parse

CVE-2021-23346 Vulnerability in npm package html-parse-stringify2

CVE-2020-36048 Vulnerability in maven package org.webjars.npm:engine.io

Severity

Critical

Classification

CWE-20 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Tags

Exploit Issue Tracking Third Party Advisory