PT-2020-19678 · Paypal · Paypal-Adaptive

Published: 2020-04-23 · Updated: 2021-12-10 · CVE-2020-7643

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions

paypal-adaptive versions 0.4.2 and earlier

Description

The issue allows manipulation of JavaScript objects, resulting in Prototype Pollution. The PayPal function can be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Recommendations

Update paypal-adaptive to a version later than 0.4.2 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
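
With no fixed release identified, one mitigation is to filter untrusted input before it reaches any recursive merge. The following is an added example, not code from paypal-adaptive or from this advisory: `naiveMerge` is a hypothetical stand-in for an unguarded merge, and `findBlockedKeys`, `sanitize` and the sample payload are assumed names and constructed data.

```javascript
// Added example. naiveMerge is a hypothetical stand-in for an unguarded
// recursive merge; it is NOT code from paypal-adaptive.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function naiveMerge(target, source) {
  for (const key in source) {
    const value = source[key];
    if (value !== null && typeof value === 'object') {
      if (target[key] === null || typeof target[key] !== 'object') target[key] = {};
      naiveMerge(target[key], value); // target['__proto__'] is Object.prototype
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Report where blocked keys occur, so the request can be logged or rejected.
function findBlockedKeys(input, path = '$') {
  if (input === null || typeof input !== 'object') return [];
  return Object.keys(input).flatMap((key) => {
    const here = `${path}.${key}`;
    return (BLOCKED_KEYS.has(key) ? [here] : []).concat(findBlockedKeys(input[key], here));
  });
}

// Deep-copy untrusted data, dropping blocked keys at every depth.
function sanitize(input) {
  if (Array.isArray(input)) return input.map(sanitize);
  if (input === null || typeof input !== 'object') return input;
  const clean = {};
  for (const key of Object.keys(input)) {
    if (!BLOCKED_KEYS.has(key)) clean[key] = sanitize(input[key]);
  }
  return clean;
}

function demo() {
  // Constructed sample input, shaped like a parsed JSON request body.
  const untrusted = JSON.parse('{"userId":"u1","opts":{"__proto__":{"polluted":true}}}');
  const findings = findBlockedKeys(untrusted);
  const merged = naiveMerge({}, sanitize(untrusted));
  const afterSanitized = ({}).polluted; // sanitized input leaves the prototype alone
  naiveMerge({}, untrusted);
  const afterRaw = ({}).polluted; // raw input reaches Object.prototype
  delete Object.prototype.polluted; // undo the demonstration's side effect
  return { findings, merged, afterSanitized, afterRaw };
}
console.log(demo());
```

Rejecting the request when `findBlockedKeys` returns anything is stricter than silently sanitizing and leaves a log entry to investigate.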

Exploit

Prototype Pollution

Resource Exhaustion

Weakness Enumeration

Related Identifiers

CVE-2020-7643
GHSA-V3R2-3FP4-RP46
SNYK-JS-PAYPALADAPTIVE-565089

Affected Products

Paypal-Adaptive