CVE-2018-16491

描述

Versions of `node.extend` before 1.1.7 or 2.0.1 are vulnerable to prototype pollution. ## Recommendation Update to version 1.1.7, 2.0.1 or later.

受影響套件(2)

• Debian/node-extendfrom 0, < 3.0.2-1
• npm/node.extendfrom 0, < 1.1.7

CVSS 分數

參考連結(5)

• ADVISORYhttps://github.com/advisories/GHSA-r96c-57pf-9jjm
• ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-16491
• ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-16491
• WEBhttps://hackerone.com/reports/430831
• WEBhttps://www.npmjs.com/advisories/781