CVE-2020-7708

Опубликовано: 18 авг. 2020

Источник: nvd

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

The package irrelon-path before 4.7.0; the package @irrelon/path before 4.7.0 are vulnerable to Prototype Pollution via the set, unSet, pushVal and pullVal functions.

Ссылки

https://github.com/Irrelon/irrelon-path/commit/8a126b160c1a854ae511659c111413ad9910ebe3
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-IRRELONPATH-598672
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-IRRELONPATH-598673
Exploit
Third Party Advisory
https://github.com/Irrelon/irrelon-path/commit/8a126b160c1a854ae511659c111413ad9910ebe3
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-IRRELONPATH-598672
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-IRRELONPATH-598673
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:irrelon:\@irrelon\/path:*:*:*:*:*:node.js:*:*

Версия до 4.7.0 (исключая)

cpe:2.3:a:irrelon:irrelon-path:*:*:*:*:*:node.js:*:*

Версия до 4.7.0 (исключая)

EPSS

Процентиль: 77%

0.01085

Низкий

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-j7cg-h9v9-6vqp