CVE-2020-7792

Опубликовано: 11 дек. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 7.5

EPSS Низкий

Описание

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.

Ссылки

https://github.com/mout/mout/blob/master/src/object/deepFillIn.js
Exploit
Third Party Advisory
https://github.com/mout/mout/blob/master/src/object/deepMixIn.js
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-MOUT-1014544
Exploit
Third Party Advisory
https://github.com/mout/mout/blob/master/src/object/deepFillIn.js
Exploit
Third Party Advisory
https://github.com/mout/mout/blob/master/src/object/deepMixIn.js
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373
Exploit
Third Party Advisory
https://snyk.io/vuln/SNYK-JS-MOUT-1014544
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:moutjs:mout:*:*:*:*:*:node.js:*:*

EPSS

Процентиль: 76%

0.00982

Низкий

7.5 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321

Связанные уязвимости

GHSA-pc58-wgmc-hfjr

CVSS3: 7.5

github

почти 4 года назад

Prototype Pollution in mout

EPSS

Процентиль: 76%

0.00982

Низкий

7.5 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-1321