This security bulletin contains one medium risk vulnerability.
CWE-400 - Resource exhaustion
Exploit availability: NoDescription
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper input validation in the "extend" method. A remote attacker can send a specially crafted request and add or modify properties of Object.prototype.Mitigation
Cybersecurity Help is currently unaware of any official solution to address this vulnerability.Vulnerable software versions
utils-extend: 1.0.0 - 1.0.8CPE2.3
Q & A
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?