An open API service providing security vulnerability metadata for many open source software ecosystems.

GSA_kwCzR0hTQS03cWdnLXZ3ODgtY2M5Oc4ABEK6

Severity: Critical
EPSS: 0.00288% (0.51903 Percentile)

utils-extend Prototype Pollution

Affected Packages: npm:utils-extend
Affected Versions: <= 1.0.8
Fixed Versions: No known fixed version
14 Dependent packages
15,517 Dependent repositories
308,778 Downloads last month

Affected Version Ranges

All affected versions

1.0.0, 1.0.1, 1.0.2, 1.0.3, 1.0.4, 1.0.5, 1.0.6, 1.0.7, 1.0.8

The latest version of utils-extend (1.0.8) is vulnerable to Prototype Pollution through the entry function(s) lib.extend. An attacker can supply a payload with an Object.prototype setter to introduce or modify properties within the global prototype chain, causing denial of service (DoS) as the minimum consequence.
