CVE-2020-7766

2020-11-10T16:15:00
ID CVE-2020-7766
Type cve
Reporter report@snyk.io
Modified 2021-07-21T11:39:00

Description

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/src_pointer.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.