Lucene search
GoogleOSV:GHSA-6GP3-H3JJ-PRX4HistoryApr 07, 2020 - 3:47 p.m.
Prototype pollution in class-transformer
2020-04-0715:47:40
Google
osv.dev
12
0.001 Low
EPSS
Percentile
39.0%
class-transformer through 0.2.3 is vulnerable to Prototype Pollution. The ‘classToPlainFromExist’ function could be tricked into adding or modifying properties of ‘Object.prototype’ using a ‘proto’ payload.
| CPE | Name | Operator | Version |
|---|---|---|---|
| class-transformer | lt | 0.3.1 |
References
github.com/typestack/class-transformer
github.com/typestack/class-transformer/blob/a650d9f490573443f62508bc063b857bcd5e2525/src/ClassTransformer.ts#L29-L31,
github.com/typestack/class-transformer/commit/8f04eb9db02de708f1a20f6f2d2bb309b2fed01e
nvd.nist.gov/vuln/detail/CVE-2020-7637
snyk.io/vuln/SNYK-JS-CLASSTRANSFORMER-564431
Related
cve
cve
CVE-2020-7637
2020-04-06 13:15:12
veracode
veracode
Prototype Pollution
2020-04-07 06:14:14
osv
osv
CVE-2020-7637
2020-04-06 13:15:12
nvd
nvd
CVE-2020-7637
2020-04-06 13:15:12
github
github
Prototype pollution in class-transformer
2020-04-07 15:47:40
prion
prion
Design/Logic Flaw
2020-04-06 13:15:00
cvelist
cvelist
CVE-2020-7637
2020-04-06 12:34:54