CVE-2019-10768
HIGHAngularJS < 1.7.9 - Prototype Pollution via merge() Function
Title source: llmDescription
In AngularJS before 1.7.9 the function `merge()` could be tricked into adding or modifying properties of `Object.prototype` using a `__proto__` payload.
References (2)
Core 2
Core References
Exploit, Patch, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-ANGULAR-534884
Mailing List mailing-list
x_refsource_mlist
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
Scores
CVSS v3
7.5
EPSS
0.0218
EPSS Percentile
80.0%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-1321
Status
published
Products (2)
angularjs/angularjs
< 1.7.9
npm/angular
0 - 1.7.9npm
Published
Nov 19, 2019
Tracked Since
Feb 18, 2026