This repository was archived by the owner on Dec 1, 2020. It is now read-only.
Merge multiple objects into one, optionally creating a new cloned object. Similar to the jQuery.extend but more flexible. Works in Node.js and the browser.
Path to vulnerable library: /tmp/git/instabyte/node_modules/merge/package.json
Dependency Hierarchy:
- react-native-0.54.2.tgz (Root Library)
  - metro-0.28.0.tgz
    - jest-haste-map-22.4.2.tgz
      - sane-2.5.0.tgz
        - exec-sh-0.2.1.tgz
          - ❌ merge-1.2.0.tgz (Vulnerable Library)
Vulnerability Details
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
CVE-2018-16469 - High Severity Vulnerability
Library home page: https://registry.npmjs.org/merge/-/merge-1.2.0.tgz
Path to dependency file: /instabyte/package.json
Publish Date: 2018-10-30
URL: CVE-2018-16469
Base Score Metrics:
- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High