Home > Vulnerability Database > CVE-2018-3749

Mend.io Vulnerability Database

CVE-2018-3749

Good to know:

Date: May 23, 2018

The utilities function in all versions < 1.0.1 of the deap node module can be tricked into modifying the prototype of Object when the attacker can control part of the structure passed to this function. This can let an attacker add or modify existing properties that will exist on all objects.

Language: JS

Severity Score

5.3

Related Resources (3)

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-3749

Url: https://hackerone.com/reports/310446

Url: https://www.mend.io/vulnerability-database/CVE-2018-3749

Severity Score

5.3

Weakness Type (CWE)

Input Validation

CWE-20

Top Fix

Upgrade Version

Upgrade to version 1.0.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	6.3
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-3749

Good to know:

Date: May 23, 2018

Language: JS

Severity Score

Related Resources (3)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?