Lodash CVE-2018-16487 Vulnerability (CVE-2018-16487)

Description

A prototype pollution vulnerability was found in lodash <4.17.11 where the functions merge, mergeWith, and defaultsDeep can be tricked into adding or modifying properties of Object.prototype.

Remediation

References

CVE-2018-16487

Related Vulnerabilities

Plone CMS Improper Restriction of Rendered UI Layers or Frames Vulnerability (CVE-2024-0669)

WordPress Plugin Video Conferencing with Zoom Cross-Site Scripting (3.9.2)

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-31048)

WordPress Plugin Accept Stripe Donation-AidWP Cross-Site Request Forgery (3.1.5)

Oracle JRE CVE-2019-2989 Vulnerability (CVE-2019-2989)

Severity

Medium

Classification

CVE-2018-16487 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L