CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-7616

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.2%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39
https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120
https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39
https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120

Products affected by CVE-2020-7616

Express-Mock-Middleware Project » Express-Mock-Middleware » Version: 0.0.6

cpe:2.3:a:express-mock-middleware_project:express-mock-middleware:0.0.6

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-7616

Products

Pricing

Contact Us