Lucene search

SnykCVELIST:CVE-2020-28503

HistoryMar 23, 2021 - 10:00 a.m.

CVE-2020-28503 Prototype Pollution

2021-03-2310:00:18

snyk

www.cve.org

cve-2020-28503

copy-props

prototype pollution

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O

AI Score

9.5

Confidence

High

EPSS

0.007

Percentile

81.0%

JSON

The package copy-props before 2.0.5 are vulnerable to Prototype Pollution via the main functionality.

CNA Affected

[
  {
    "product": "copy-props",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "2.0.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/gulpjs/copy-props/pull/7

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1088047

snyk.io/vuln/SNYK-JS-COPYPROPS-1082870

CVSS3

7.3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RL:O

AI Score

9.5

Confidence

High

EPSS

0.007

Percentile

81.0%

JSON

Related for CVELIST:CVE-2020-28503