CVE-2020-7641

Name of the Vulnerable Software and Affected Versions grunt-util-property versions all

Description The function call in the affected package could be tricked into adding or modifying properties of Object.prototype using a proto payload. This allows for potential manipulation of the object's properties.

Recommendations For all versions, consider restricting access to the function call that is vulnerable to proto payload manipulation until a patch is available. As a temporary workaround, avoid using the function call that could be tricked into modifying Object.prototype properties. At the moment, there is no information about a newer version that contains a fix for this vulnerability.