Description

In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.

Remediation

References

CVE-2019-10768

Related Vulnerabilities

Ruby Inadequate Encryption Strength Vulnerability (CVE-2021-32066)

SharePoint CVE-2020-17118 Vulnerability (CVE-2020-17118)

WordPress Plugin Wufoo Shortcode Cross-Site Scripting (1.47)

WordPress Plugin Pinterest Feed Multiple Vulnerabilities (1.1.1)

WordPress Plugin Simple Download Monitor Multiple Vulnerabilities (3.8.8)

Severity

High

Classification

CVE-2019-10768 CWE-20 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities