Skip to content
This repository has been archived by the owner on Sep 15, 2022. It is now read-only.

Prototype Pollution #59

Open
larrycameron80 opened this issue Sep 16, 2019 · 0 comments
Open

Prototype Pollution #59

larrycameron80 opened this issue Sep 16, 2019 · 0 comments

Comments

@larrycameron80
Copy link

Prototype Pollution
Vulnerable module: lodash
Introduced through: [email protected]
Detailed paths
Introduced through: @polymathnetwork/abi-wrappers@PolymathNetwork/polymath-abi-wrappers#016f858f82ee983814ce487a8de0a67b68652196 › [email protected][email protected][email protected]
Overview
lodash is a modern JavaScript utility library delivering modularity, performance, & extras.

Affected versions of this package are vulnerable to Prototype Pollution. The functions merge, mergeWith, and defaultsDeep could be tricked into adding or modifying properties of Object.prototype. This is due to an incomplete fix to CVE-2018-3721
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@larrycameron80