admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2018/CVE-2018-3752.md
0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33
2024-06-09 00:33:16 +00:00

20 lines
859 B
Markdown
Raw Blame History

### [CVE-2018-3752](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3752)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)
### Description
The utilities function in all versions <= 1.0.0 of the merge-options node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.
### POC
#### Reference
- https://hackerone.com/reports/311336
- https://hackerone.com/reports/311336
#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ossf-cve-benchmark/CVE-2018-3752
Reference in New Issue View Git Blame Copy Permalink