CVE-2018-3750

Priority
Description
The utilities function in all versions <= 0.5.0 of the deep-extend node
module can be tricked into modifying the prototype of Object when the
attacker can control part of the structure passed to this function. This
can let an attacker add or modify existing properties that will exist on
all objects.
Notes
Package
Upstream:needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 18.04 LTS (Bionic Beaver):needs-triage
Ubuntu 19.10 (Eoan Ermine):not-affected (0.4.1-3)
Ubuntu 20.04 (Focal Fossa):not-affected (0.4.1-3)
Patches:
Upstream:https://github.com/unclechu/node-deep-extend/commit/433ee51ed606f4e1867ece57b6ff5a47bebb492f
More Information

Updated: 2020-01-29 18:55:06 UTC (commit 40f18bf14da5fb50662e1f861ea594a462b207fe)