← back
CVE-2018-16469

CVE-2018-16469

EPSS 1.7%CWE-400
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.7%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Oct 2018Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The merge.recursive function in the merge package <1.2.1 can be tricked into adding or modifying properties of the Object prototype. These properties will be present on all objects allowing for a denial of service attack.
Affected products
HackerOne · merge

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://hackerone.com/reports/381194