PT-2020-19745 · Tiny-Conf · Tiny-Conf
Nerdjs
·
Published
2020-09-01
·
Updated
2022-12-02
·
CVE-2020-7724
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
tiny-conf versions prior to 1.1.1 is not mentioned, however, all versions up to and including 1.1.0 are vulnerable, so:
tiny-conf versions up to and including 1.1.0
Description
The issue is related to Prototype Pollution via the
set function.Recommendations
For versions up to and including 1.1.0, consider disabling the
set function as a temporary workaround until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.Exploit
Prototype Pollution
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Tiny-Conf