Prototype Pollution in property-expr

2021-05-0617:29:47

CWE-915

CWE-1321

GitHub Advisory Database

github.com

0.011 Low

EPSS

Percentile

84.1%

The package property-expr before 2.0.3 are vulnerable to Prototype Pollution via the setter function.

CPENameOperatorVersion
property-exprlt2.0.3

CPE	Name	Operator	Version
	property-expr	lt	2.0.3

References

github.com/advisories/GHSA-6fw4-hr69-g3rv

github.com/jquense/expr/commit/df846910915d59f711ce63c1f817815bceab5ff7

nvd.nist.gov/vuln/detail/CVE-2020-7707

snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-598857

snyk.io/vuln/SNYK-JS-PROPERTYEXPR-598800

0.011 Low

EPSS

Percentile

84.1%

Related for GHSA-6FW4-HR69-G3RV