CVE-2019-10768

Summary

In AngularJS before 1.7.9 the function merge() could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Affected Software

VendorProductVersion RangeStatus
n/aAngularJSAll versions prior to version 1.7.9affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References