CVE-2020-7770

Опубликовано: 12 нояб. 2020

Источник: nvd

CVSS3: 6.5

CVSS3: 9.8

CVSS2: 7.5

EPSS Низкий

Описание

This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.

Ссылки

https://github.com/sonnyp/JSON8/commit/2e890261b66cbc54ae01d0c79c71b0fd18379e7e
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JSON8-1017116
Exploit
Third Party Advisory
https://github.com/sonnyp/JSON8/commit/2e890261b66cbc54ae01d0c79c71b0fd18379e7e
Patch
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-JSON8-1017116
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:json8_project:json8:*:*:*:*:*:*:*:*

Версия до 1.0.3 (исключая)

EPSS

Процентиль: 56%

0.00334

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-7h43-gx24-p529

CVSS3: 9.8

github

больше 4 лет назад

Prototype pollution in json8

EPSS

Процентиль: 56%

0.00334

Низкий

6.5 Medium

CVSS3

9.8 Critical

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321