Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:npm/deep-extend@0.5.0

Type npm

Namespace

Name deep-extend

Version 0.5.0

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 0.5.1

Latest_non_vulnerable_version 0.5.1

Affected_by_vulnerabilities

url VCID-h63a-c7u2-t3d6

vulnerability_id VCID-h63a-c7u2-t3d6

summary

Improper Input Validation
The utilities function in all versions of the deep-extend node module can be tricked into modifying the prototype of `Object` when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

references

reference_url	https://hackerone.com/reports/311333
reference_id
reference_type
scores
url	https://hackerone.com/reports/311333

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-3750
reference_id	CVE-2018-3750
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-3750

fixed_packages

url	pkg:npm/deep-extend@0.5.1
purl	pkg:npm/deep-extend@0.5.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:npm/deep-extend@0.5.1

aliases CVE-2018-3750

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h63a-c7u2-t3d6

Fixing_vulnerabilities

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:npm/deep-extend@0.5.0

Package Instance