CVE-2020-7700

Name of the Vulnerable Software and Affected Versions phpjs versions prior to 1.3.2 and possibly later, as all versions are mentioned as vulnerable in one source, but another source specifies up to 1.3.2.

Description The issue concerns Prototype Pollution via the parse str function. This affects phpjs, potentially allowing for malicious manipulation of data. The estimated number of affected devices is not provided, and there is no mention of real-world incidents where this issue was exploited. Technical details about exploitation include the use of the parse str function, which is vulnerable to Prototype Pollution.

Recommendations For phpjs versions prior to 1.3.2, consider using Locutus as a replacement, as phpjs is no longer maintained. For all versions of phpjs, as a temporary workaround, consider restricting the use of the parse str function to minimize the risk of exploitation.