GHSA-v39h-qm32-8gwq

Published: 09 Dec 2021
Source: github
Github: Reviewed
CVSS3: 5.3

Description

Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Functions exported by the package can be tricked into adding or modifying properties of Object.prototype. Exploitation of this vulnerability requires creation of a new directory where attack code can be placed, which will then be exported by express-mock-middleware. As such, this is considered to be a low risk.

Packages

Name: express-mock-middleware (npm)
Affected versions: <= 0.0.6
Fixed version: None

EPSS

Percentile: 54%
0.00318 (Low)

CVSS3: 5.3 Medium

Weaknesses

CWE-1321
CWE-915

Related vulnerabilities

CVSS3: 5.3
nvd
almost 6 years ago

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Functions exported by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where attack code can be placed, which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk.
