Количество 2
Количество 2
CVE-2020-28495
This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.
GHSA-6cf8-qhqj-vjqm
Prototype pollution in total.js
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2020-28495 This affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection. | CVSS3: 7.3 | 6% Низкий | около 5 лет назад |
| GHSA-6cf8-qhqj-vjqm Prototype pollution in total.js | CVSS3: 7.3 | 6% Низкий | около 5 лет назад |
Уязвимостей на страницу