CVE-2020-8268

High

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties…

hackerone·CWE-471·Published 2020-11-09

CVSS

7.5

EPSS

0.01

KEV

Exploits

cve.orgen

171 chars

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

NVDen

171 chars

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

OSV.deven

171 chars

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

GHSAen

171 chars

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.

NVDes

220 chars

Una vulnerabilidad de contaminación de prototipo en el paquete json8-merge-patch npm versiones anteriores a 1.0.3, puede permitir a atacantes inyectar o modificar métodos y propiedades del constructor de objetos globales

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N
3.1	Primary	NVD	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N