CVE-2019-10768: angular Prototype Pollution vulnerability
Versions of angular prior to 1.7.9 are vulnerable to prototype pollution. The deprecated API function merge() does not restrict the modification of an Object’s prototype in the , which may allow an attacker to add or modify an existing property that will exist on all objects.
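The pattern this advisory describes, as an added example that is not AngularJS code and not taken from the advisory: a recursive merge that follows a `__proto__` key found in parsed JSON, next to a variant that skips it and a pre-merge check for such keys. The names `naiveMerge`, `safeMerge`, `findProtoKeys` and `demo`, and the sample input, are constructed for illustration.

```javascript
// Added illustration, not AngularJS source. All function names are hypothetical.
const isObject = (v) => v !== null && typeof v === 'object';

// Vulnerable pattern: recursive merge that copies every key it is given.
function naiveMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (isObject(src[key])) {
      // dst['__proto__'] resolves to Object.prototype, so recursion writes into it.
      if (!isObject(dst[key])) dst[key] = Array.isArray(src[key]) ? [] : {};
      naiveMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Hardened variant: identical, except the prototype accessor key is never followed.
function safeMerge(dst, src) {
  for (const key of Object.keys(src)) {
    if (key === '__proto__') continue;
    if (isObject(src[key])) {
      if (!isObject(dst[key])) dst[key] = Array.isArray(src[key]) ? [] : {};
      safeMerge(dst[key], src[key]);
    } else {
      dst[key] = src[key];
    }
  }
  return dst;
}

// Pre-merge check: list paths in parsed input that carry an own "__proto__" key.
function findProtoKeys(value, path = '$') {
  if (!isObject(value)) return [];
  return Object.keys(value).flatMap((key) =>
    key === '__proto__' ? [`${path}.${key}`] : findProtoKeys(value[key], `${path}.${key}`));
}

function demo(mergeFn) {
  // Constructed input: JSON.parse makes "__proto__" an own, enumerable key.
  const untrusted = JSON.parse('{"theme": "dark", "__proto__": {"isAdmin": true}}');
  const merged = mergeFn({}, untrusted);
  const polluted = ({}).isAdmin === true; // does an unrelated object inherit it?
  delete Object.prototype.isAdmin;        // undo so the process is left clean
  return { theme: merged.theme, polluted, flagged: findProtoKeys(untrusted) };
}

console.log(demo(naiveMerge), demo(safeMerge));
```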
References
- github.com/advisories/GHSA-89mq-4x47-5v83
- github.com/angular/angular.js
- github.com/angular/angular.js/commit/add78e62004e80bb1e16ab2dfe224afa8e513bc3
- github.com/angular/angular.js/pull/16913
- lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
- nvd.nist.gov/vuln/detail/CVE-2019-10768
- snyk.io/vuln/SNYK-JS-ANGULAR-534884