CVE-2020-7616

Опубликовано: 07 апр. 2020

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the Object.prototype. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by express-mock-middleware. As such, this is considered to be a low risk.

Ссылки

https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120
Exploit
Third Party Advisory
https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:express-mock-middleware_project:express-mock-middleware:*:*:*:*:*:*:*:*

Версия до 0.0.6 (включая)

EPSS

Процентиль: 54%

0.00318

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-v39h-qm32-8gwq