Description
A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. Affected by this issue is the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of the component Internal Deep Merge Helper. The manipulation results in improperly controlled modification of object prototype attributes. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet.
No analysis available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
No advisories yet.
References
History
Sat, 18 Jul 2026 19:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was found in RobinHerbots Inputmask up to 5.0.9. Affected by this issue is the function extendDefaults/extendDefinitions/extendAliases in the library lib/dependencyLibs/extend.js of the component Internal Deep Merge Helper. The manipulation results in improperly controlled modification of object prototype attributes. The attack may be performed from remote. The project was informed of the problem early through an issue report but has not responded yet. | |
| Title | RobinHerbots Inputmask Internal Deep Merge Helper extend.js extendAliases prototype pollution | |
| First Time appeared |
Robinherbots
Robinherbots inputmask |
|
| Weaknesses | CWE-1321 CWE-94 |
|
| CPEs | cpe:2.3:a:robinherbots:inputmask:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Robinherbots
Robinherbots inputmask |
|
| References |
| |
| Metrics |
cvssV2_0
|
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-18T19:15:08.501Z
Reserved: 2026-07-17T19:01:44.871Z
Link: CVE-2026-16150
No data.
No data.
No data.
OpenCVE Enrichment
No data.