Bug#926616: [Pkg-javascript-devel] Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Paolo Greppi
Quick research:
https://www.npmjs.com/advisories/612
node-deep-extend popcon = ~1900
apt-cache rdepends node-deep-extend
node-deep-extend
Reverse Depends:
  node-rc
The watch file for node-rc is not picking up new releases because upstream uses the commit message to tag them instead of a

Bug#926616: [Pkg-javascript-devel] Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-08 Thread Xavier
Control: tags -1 + security
On 08/04/2019 at 00:22, Jeff Cliff wrote:
> Package: node-deep-extend
> Version: 0.4.1-1
> Severity: important
>
> Dear Maintainer,
>
> As per the Ubuntu bug report:
>
> from https://snyk.io/vuln/npm:deep-extend:20180409 :
>
> deep-extend "all the listed modules

Bug#926616: CVE-2018-3750: Prototype Pollution

2019-04-07 Thread Jeff Cliff
Package: node-deep-extend
Version: 0.4.1-1
Severity: important
Dear Maintainer,
As per the Ubuntu bug report:
from https://snyk.io/vuln/npm:deep-extend:20180409 :
deep-extend "all the listed modules can be tricked into modifying the prototype of "Object" when the attacker controls part of