Lucene search

K
cveHackeroneCVE-2020-8116
HistoryFeb 04, 2020 - 8:15 p.m.

CVE-2020-8116

2020-02-0420:15:13
CWE-471
CWE-1321
hackerone
web.nvd.nist.gov
134
2
cve-2020-8116
prototype pollution
dot-prop npm package
vulnerability
javascript
objects

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

55.7%

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Affected configurations

Nvd
Vulners
Node
dot-prop_projectdot-propRange<4.2.1node.js
OR
dot-prop_projectdot-propRange5.0.05.1.1node.js
VendorProductVersionCPE
dot-prop_projectdot-prop*cpe:2.3:a:dot-prop_project:dot-prop:*:*:*:*:*:node.js:*:*

CNA Affected

[
  {
    "product": "dot-prop",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "before 4.2.1"
      },
      {
        "status": "affected",
        "version": "5.x before 5.1.1"
      },
      {
        "status": "affected",
        "version": "Fixed in 5.1.1"
      }
    ]
  }
]

Social References

More

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

AI Score

7.2

Confidence

High

EPSS

0.002

Percentile

55.7%