The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://hackerone.com/reports/381194 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: hackerone
Published: 2018-10-30T21:00:00
Updated: 2024-08-05T10:24:32.373Z
Reserved: 2018-09-04T00:00:00
Link: CVE-2018-16469
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-10-30T21:29:00.997
Modified: 2019-10-09T23:36:10.033
Link: CVE-2018-16469
Redhat
No data.