CVE-2018-3719

Exploit

EPSS 0.67%
Published 07.06.2018 02:29:08
Last modified 21.11.2024 04:05:56
Source support@hackerone.com
Teams watchlist Login
Open Login

mixin-deep node module before 1.3.1 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Mixin-deep Project ≫ Mixin-deep SwPlatformnode.js Version < 1.3.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.67%	0.705

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-471 Modification of Assumed-Immutable Data (MAID)

The product does not properly protect an assumed-immutable element from being modified by an attacker.

https://github.com/jonschlinkert/mixin-deep/commit/578b0bc5e74e14de9ef4975f504dc698796bdf9c

Patch

Third Party Advisory

https://hackerone.com/reports/311236

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2018-3719

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-3719

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-3719

EUVD