No advisories yet.
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
Tue, 14 Jul 2026 16:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A vulnerability was identified in spencermountain compromise up to 14.15.1. Affected is the function nlp.extend of the file src/API/extend.js of the component Public Root API. The manipulation of the argument plugin leads to improperly controlled modification of object prototype attributes. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The identifier of the patch is b4644ab7179700df0607521f61c1ee9b5f78d89d. Applying a patch is the recommended action to fix this issue. The vendor was contacted early, responded in a very professional manner and quickly released a fixed version of the affected product. | |
| Title | spencermountain compromise Public Root API extend.js nlp.extend prototype pollution | |
| First Time appeared |
Spencermountain
Spencermountain compromise |
|
| Weaknesses | CWE-1321 CWE-94 |
|
| CPEs | cpe:2.3:a:spencermountain:compromise:*:*:*:*:*:*:*:* | |
| Vendors & Products |
Spencermountain
Spencermountain compromise |
|
| References |
|
|
| Metrics |
cvssV2_0
|
Projects
Sign in to view the affected projects.
Status: PUBLISHED
Assigner: VulDB
Published:
Updated: 2026-07-14T17:52:49.267Z
Reserved: 2026-07-14T05:12:43.606Z
Link: CVE-2026-15699
No data.
No data.
No data.
OpenCVE Enrichment
No data.