Vulnerability Details CVE-2020-8268
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 39.3%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
Products affected by CVE-2020-8268
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:-
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:0.1.0
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:0.1.1
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:0.2.0
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:0.3.0
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:0.4.0
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:0.5.0
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:1.0.0
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:1.0.1
-
cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:1.0.2