CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
65.3%
Properties-Reader prior to version 2.2.0 is vulnerable to prototype pollution. Version 2.2.0 contains a patch for this issue.
Vendor | Product | Version | CPE |
---|---|---|---|
properties-reader_project | properties-reader | * | cpe:2.3:a:properties-reader_project:properties-reader:*:*:*:*:*:node.js:*:* |
github.com/advisories/GHSA-jxvf-m3x5-mxwq
github.com/steveukx/properties/commit/0877cc871db9865f58dd9389ce99e61be05380a5
github.com/steveukx/properties/commit/4e4bc392ecfd0a128f48c1d69f64a0d7194fcaab
github.com/steveukx/properties/issues/40
nvd.nist.gov/vuln/detail/CVE-2020-28471
security.snyk.io/vuln/SNYK-JS-PROPERTIESREADER-1048968