Vulnerability Database
289,599
Total vulnerabilities in the database
CVE-2019-10768
In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
| Software | From | Fixed in |
|---|---|---|
| angularjs / angular.js | - | 1.7.9 |
@schematics / angular
|
- | 1.7.9 |
- https://github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
- https://github.com/angular/angular.js/pull/16913
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E
- https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
- https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
- https://www.npmjs.com/advisories/1343