CVE-2020-7644

Опубликовано: 28 апр. 2020

Источник: nvd

CVSS3: 8.1

CVSS2: 6.8

EPSS Низкий

Описание

fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload.

Ссылки

https://github.com/nathan7/fun-map/blob/master/index.js#L137%2C
https://snyk.io/vuln/SNYK-JS-FUNMAP-564436
Exploit
Mitigation
Third Party Advisory
https://github.com/nathan7/fun-map/blob/master/index.js#L137%2C
https://snyk.io/vuln/SNYK-JS-FUNMAP-564436
Exploit
Mitigation
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:fun-map_project:fun-map:*:*:*:*:*:*:*:*

Версия до 3.3.1 (включая)

EPSS

Процентиль: 66%

0.00506

Низкий

8.1 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-p33m-7w7f-gmj8