Lucene search
GitHub Advisory DatabaseGHSA-4HQ8-JGR8-MW9JHistoryJul 18, 2022 - 12:00 a.m.
grunt-util-property 0.0.2 function call can add/modify properties of Object.prototype using a __proto__ payload
2022-07-1800:00:33
CWE-1321
GitHub Advisory Database
github.com
7
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.8%
This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
Affected configurations
Node
grunt-util-property_projectgrunt-util-propertyRange≤0.0.2node.js
| CPE | Name | Operator | Version |
|---|---|---|---|
| grunt-util-property | le | 0.0.2 |
Related
prion
prion
Design/Logic Flaw
2022-07-17 09:15:00
veracode
veracode
Prototype Pollution
2022-07-18 04:25:22
cve
cve
CVE-2020-7641
2022-07-17 09:15:07
cvelist
cvelist
CVE-2020-7641 Prototype Pollution
2022-07-17 00:00:00
nvd
nvd
CVE-2020-7641
2022-07-17 09:15:07
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0005 Low
EPSS
Percentile
17.8%
Related for GHSA-4HQ8-JGR8-MW9J