All vulnerabilities

CVE-2018-16492

Prototype Pollution in extend

Description

Versions of extend prior to 3.0.2 (for 3.x) and 2.0.2 (for 2.x) are vulnerable to Prototype Pollution. The extend() function allows attackers to modify the prototype of Object causing the addition or modification of an existing property that will exist on all objects.

Recommendation

If you're using extend 3.x upgrade to 3.0.2 or later. If you're using extend 2.x upgrade to 2.0.2 or later.

Patch Available

Fix available through Seal Security. No upgrade required, protect your application instantly.

Fix without upgrading
Score
9.8
Severity
Critical
Ecosystem
JavaScript
Publish Date
February 7, 2019
Modified Date
February 2, 2026
Score Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected Versions