PT-2020-17011 · Js Data · Js-Data

Published 2020-12-15 · Updated 2022-02-09 · CVE-2020-28442

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

js-data versions prior to 3.0.10

Description

The issue concerns Prototype Pollution via the deepFillIn function. This allows for potential manipulation of object properties. No information is provided about the estimated number of affected devices or real-world incidents.

Recommendations

For versions prior to 3.0.10, update to version 3.0.10 or later to resolve the issue. As a temporary workaround, consider disabling the deepFillIn function until a patch is available.

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

CVE-2020-28442
GHSA-MQGV-67VX-G4M5
SNYK-JAVA-ORGWEBJARSBOWER-1050978
SNYK-JAVA-ORGWEBJARSNPM-1050979
SNYK-JS-JSDATA-1023655

Affected Products

Js-Data