John-David Dalton

2 exploits Active since Jun 2018

CVE-2018-3721 WRITEUP MEDIUM WRITEUP

Lodash < 4.17.5 - Prototype Pollution

lodash node module before 4.17.5 suffers from a Modification of Assumed-Immutable Data (MAID) vulnerability via defaultsDeep, merge, and mergeWith functions, which allows a malicious user to modify the prototype of "Object" via __proto__, causing the addition or modification of an existing property that will exist on all objects.

CVSS 6.5

View Code

CVE-2020-7993 WRITEUP MEDIUM WRITEUP

Prototype 1.6.0.1 - Auth Bypass

Prototype 1.6.0.1 allows remote authenticated users to forge ticket creation (on behalf of other user accounts) via a modified email ID field.

CVSS 4.3

View Code