CVE-2020-8116

CVSS v3.1 7.3 (High)

CVSS v2.0 7.5 (High)

EPSS 0.18 % (56^th)

Affected Products 1

Advisories 9

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Weaknesses

CWE-1321: Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-471: Modification of Assumed-Immutable Data (MAID)

CVE Status: PUBLISHED
CNA: HackerOne
Published Date: 2020-02-04 20:15:13
(4 years ago)
Updated Date: 2022-08-05 19:32:41
(2 years ago)

Affected Products

Dot-prop Project

Dot-prop

Configuration #1

		CPE23	From	Up To
	Dot-prop Project Dot-prop for Node.js prior 4.2.1 version	cpe:2.3:a:dot-prop_project:dot-prop::::::node.js		< 4.2.1
	Dot-prop Project Dot-prop for Node.js from 5.0.0 version and prior 5.1.1 version	cpe:2.3:a:dot-prop_project:dot-prop::::::node.js	>= 5.0.0	< 5.1.1