CVE-2020-7720

🗓️ 01 Sep 2020 09:35:12Reported by snykType

The package node-forge before 0.10.0 is vulnerable to Prototype Pollutio

Reporter	Title	Published	Views	Family All 27
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	23 Aug 202222:32	–	ibm
IBM Security Bulletins	Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)	28 Mar 202216:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System	17 Aug 202209:46	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service.	15 Dec 202017:38	–	ibm
IBM Security Bulletins	Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2020-7720	2 Nov 202013:16	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple vulnerabilties affecting Watson Machine Learning Accelerator on Cloud Pak for Data	12 Dec 202317:39	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager.	26 Nov 202021:46	–	ibm
Cvelist	CVE-2020-7720 Prototype Pollution	1 Sep 202009:35	–	cvelist
Debian CVE	CVE-2020-7720	1 Sep 202009:35	–	debiancve
EUVD	EUVD-2020-0922	7 Oct 202500:30	–	euvd

NVD

Node

digitalbazaar forgeRange<0.10.0node.js

[
  {
    "product": "node-forge",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
snyk	www.snyk.io/vuln/SNYK-JS-NODEFORGE-598677
snyk	www.snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
github	www.github.com/digitalbazaar/forge/blob/master/CHANGELOG.md

21 Nov 2024 05:37Current

7.1High risk

Vulners AI Score7.1

CVSS 3.17.3 - 9.8

CVSS 27.5

EPSS0.02085

CWE-1321