Vulnerability Details CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.5%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
- https://github.com/advisories/GHSA-ff7x-qrg7-qggm
- https://github.com/sindresorhus/dot-prop/issues/63
- https://github.com/sindresorhus/dot-prop/tree/v4
- https://hackerone.com/reports/719856
- https://github.com/advisories/GHSA-ff7x-qrg7-qggm
- https://github.com/sindresorhus/dot-prop/issues/63
- https://github.com/sindresorhus/dot-prop/tree/v4
- https://hackerone.com/reports/719856
Products affected by CVE-2020-8116
-
cpe:2.3:a:dot-prop_project:dot-prop:1.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:1.0.1
-
cpe:2.3:a:dot-prop_project:dot-prop:2.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.1.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.2.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.3.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.4.0
-
cpe:2.3:a:dot-prop_project:dot-prop:3.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:4.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:4.1.0
-
cpe:2.3:a:dot-prop_project:dot-prop:4.1.1
-
cpe:2.3:a:dot-prop_project:dot-prop:4.2.0
-
cpe:2.3:a:dot-prop_project:dot-prop:5.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:5.0.1
-
cpe:2.3:a:dot-prop_project:dot-prop:5.1.0