Soumettre #792387: 1024bit extend-deep 0.1.6 Prototype Pollutioninformation

Titre1024bit extend-deep 0.1.6 Prototype Pollution
DescriptionThe extend-deep package recursively merges objects without proper sanitization of the __proto__ property. This allows attackers to pollute the global Object.prototype, affecting all objects in the application. When a malicious object with a __proto__ property is merged, it modifies the base prototype, injecting properties that propagate to every existing and future object.
La source⚠️ https://github.com/sudo-secure/security-research/blob/main/extend-deep/prototype-pollution/PoC.md
Utilisateur
 sudosme (UID 96548)
Soumission29/03/2026 14:29 (il y a 22 jours)
Modérer19/04/2026 18:26 (21 days later)
StatutAccepté
Entrée VulDB358256 [1024bit extend-deep jusqu’à 0.1.6 index.js __proto__ Exécution de code à distance]
Points20

PrécédentAperçuSuivant

Do you want to use VulDB in your project?

Use the official API to access entries easily!