CVE-2020-8147

Name of the Vulnerable Software and Affected Versions utils-extend versions 1.0.8 and earlier

Description The issue is caused by insufficient cleaning of user-provided data in the utils-extend module of the NPM package manager. This may allow a remote attacker to execute arbitrary code. The flaw in input validation may result in a prototype pollution attack, potentially leading to remote code execution or denial of service of applications using utils-extend. All versions of utils-extend are vulnerable due to the extend function not restricting the modification of an Object's prototype, allowing an attacker to add or modify existing properties that will exist on all objects.

Recommendations For versions 1.0.8 and earlier, consider using an alternative package until a fix is made available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.