PT-2020-6070 · Npm · Dot-Prop

Published: 2020-02-04 · Updated: 2022-08-05 · CVE-2020-8116

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

dot-prop versions before 4.2.1
dot-prop versions 5.x before 5.1.1

Description

The issue allows an attacker to add arbitrary properties to JavaScript objects, which can lead to a prototype pollution attack. This can be exploited by a remote attacker.

Recommendations

For dot-prop versions before 4.2.1, update to version 4.2.1 or later.
For dot-prop versions 5.x before 5.1.1, update to version 5.1.1 or later.

Exploit

Fix

Prototype Pollution

Weakness Enumeration

Related Identifiers

ALSA-2020:4272
ALSA-2021:0548
AZL-45084
BDU:2021-02884
CESA-2020_4272
CESA-2021_0548
CVE-2020-8116
GHSA-FF7X-QRG7-QGGM
RHSA-2020:4272
RHSA-2020:4903
RHSA-2020:5086
RHSA-2020_4272
RHSA-2021:0521
RHSA-2021:0548
RHSA-2021_0548
RLSA-2020:4272
RLSA-2021:0548

Affected Products

Almalinux
Centos
Red Hat
Rocky Linux
Dot-Prop