Total
24 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-8147 | 1 Utils-extend Project | 1 Utils-extend | 2020-04-06 | 7.5 HIGH | 9.8 CRITICAL |
| Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend. | |||||
| CVE-2018-3728 | 1 Hapijs | 1 Hoek | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| hoek node module before 4.2.0 and 5.0.x before 5.0.3 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via 'merge' and 'applyToDefaults' functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-3723 | 1 Defaults-deep Project | 1 Defaults-deep | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| defaults-deep node module before 0.2.4 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||
| CVE-2018-3722 | 1 Merge-deep Project | 1 Merge-deep | 2019-10-09 | 6.5 MEDIUM | 8.8 HIGH |
| merge-deep node module before 3.0.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects. | |||||