Lucene search

MendCVELIST:CVE-2020-28282

HistoryDec 29, 2020 - 5:05 p.m.

CVE-2020-28282

2020-12-2917:05:05

Mend

www.cve.org

vulnerability

'getobject'

version 0.1.0

denial of service

remote code execution

prototype pollution

AI Score

9.6

Confidence

High

EPSS

0.009

Percentile

83.4%

JSON

Prototype pollution vulnerability in ‘getobject’ version 0.1.0 allows an attacker to cause a denial of service and may lead to remote code execution.

CNA Affected

[
  {
    "product": "getobject",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "0.1.0"
      }
    ]
  }
]

References

github.com/cowboy/node-getobject/blob/aba04a8e1d6180eb39eff09990c3a43886ba8937/lib/getobject.js#L48

www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28282