Описание
Properties-Reader before v2.2.0 vulnerable to prototype pollution
Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution. Version 2.2.0 contains a patch for this issue.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2020-28471
- https://github.com/steveukx/properties/issues/40
- https://github.com/steveukx/properties/commit/0877cc871db9865f58dd9389ce99e61be05380a5
- https://github.com/steveukx/properties/commit/4e4bc392ecfd0a128f48c1d69f64a0d7194fcaab
- https://security.snyk.io/vuln/SNYK-JS-PROPERTIESREADER-1048968
Пакеты
Наименование
properties-reader
npm
Затронутые версииВерсия исправления
< 2.2.0
2.2.0
Связанные уязвимости
CVSS3: 7.3
nvd
больше 3 лет назад
This affects the package properties-reader before 2.2.0.