Tag
cve-2018-16487
Safeguard articles tagged "cve-2018-16487" — guides, analysis, and best practices for software supply chain and application security.
2 articles
Vulnerability Analysis
lodash property injection via merge functions (CVE-2018-16487)
CVE-2018-16487 let attackers pollute Object.prototype via lodash's merge, mergeWith, and defaultsDeep functions. Here's how it works and how to fix it.
Jan 4, 20267 min read
Vulnerability Analysis
CVE-2018-16487: Prototype pollution in lodash via merge/m...
CVE-2018-16487 let attackers pollute Object.prototype through lodash's merge, mergeWith, and defaultsDeep — a bypass of an earlier fix, patched in 4.17.11.
Oct 17, 20257 min read