Vulnerability Details CVE-2020-8116
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.4%
CVSS Severity
CVSS v3 Score 7.3
CVSS v2 Score 7.5
References
- https://github.com/advisories/GHSA-ff7x-qrg7-qggm
- https://github.com/sindresorhus/dot-prop/issues/63
- https://github.com/sindresorhus/dot-prop/tree/v4
- https://hackerone.com/reports/719856
- https://github.com/advisories/GHSA-ff7x-qrg7-qggm
- https://github.com/sindresorhus/dot-prop/issues/63
- https://github.com/sindresorhus/dot-prop/tree/v4
- https://hackerone.com/reports/719856
Products affected by CVE-2020-8116
-
cpe:2.3:a:dot-prop_project:dot-prop:1.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:1.0.1
-
cpe:2.3:a:dot-prop_project:dot-prop:2.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.1.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.2.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.3.0
-
cpe:2.3:a:dot-prop_project:dot-prop:2.4.0
-
cpe:2.3:a:dot-prop_project:dot-prop:3.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:4.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:4.1.0
-
cpe:2.3:a:dot-prop_project:dot-prop:4.1.1
-
cpe:2.3:a:dot-prop_project:dot-prop:4.2.0
-
cpe:2.3:a:dot-prop_project:dot-prop:5.0.0
-
cpe:2.3:a:dot-prop_project:dot-prop:5.0.1
-
cpe:2.3:a:dot-prop_project:dot-prop:5.1.0