Submeter #792387: 1024bit extend-deep 0.1.6 Prototype Pollutioninformação

Título1024bit extend-deep 0.1.6 Prototype Pollution
DescriçãoThe extend-deep package recursively merges objects without proper sanitization of the __proto__ property. This allows attackers to pollute the global Object.prototype, affecting all objects in the application. When a malicious object with a __proto__ property is merged, it modifies the base prototype, injecting properties that propagate to every existing and future object.
Fonte⚠️ https://github.com/sudo-secure/security-research/blob/main/extend-deep/prototype-pollution/PoC.md
Utilizador
 sudosme (UID 96548)
Submissão29/03/2026 14h29 (há 26 dias)
Moderação19/04/2026 18h26 (21 days later)
EstadoAceite
Entrada VulDB358256 [1024bit extend-deep até 0.1.6 index.js __proto__ Execução remota de código]
Pontos20

VoltarVisão GeralPróximo

Do you need the next level of professionalism?

Upgrade your account now!