CVE-2018-16492 — Vulnetix

Try Vulnetix Request Demo

CVE-2018-16492 PUBLISHED

A prototype pollution vulnerability was found in module extend <2.0.2, ~<3.0.2 that allows an attacker to inject arbitrary properties onto Object.prototype.

EPSS 2.52% · 85.3th percentile

Risk Scores

EPSS Score

2.52%

85.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	node-extend	0, 2.0.0-1
Ubuntu:16.04:LTS	node-extend	0, 2.0.0-1

Timeline

CVE Published
Aug 22, 2018 PoC Published
Apr 14, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Mar 17, 2025 EPSS Score
Mar 19, 2025 EPSS Score
Mar 27, 2025 EPSS Score
Mar 28, 2025 EPSS Score
Mar 29, 2025 EPSS Score
Apr 7, 2025 EPSS Score
Apr 8, 2025 EPSS Score
Apr 14, 2025 EPSS Score

References

https://ubuntu.com/security/CVE-2018-16492 third-party-advisory
https://hackerone.com/reports/381185 third-party-advisory
https://www.npmjs.com/advisories/996 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2018-16492 third-party-advisory

Open in Interactive Console →