CVE-2020-7720

🗓️ 01 Sep 2020 18:18:38Reported by redhat.comType

redhatcve

redhatcve🔗 access.redhat.com👁 28 Views

A flaw in node-forge allows Prototype Pollution via util.setPath functio

Reporter	Title	Published	Views	Family All 28
IBM Security Bulletins	Security Bulletin: IBM Spectrum Discover is vulnerable to multiple vulnerabilities	23 Aug 202222:32	–	ibm
IBM Security Bulletins	Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)	28 Mar 202216:33	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in Node.js affect IBM Cloud Pak System	17 Aug 202209:46	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Pak for Multicloud Management Managed Service.	15 Dec 202017:38	–	ibm
IBM Security Bulletins	Security Bulletin: App Connect Enterprise Certified Container is vulnerable to CVE-2020-7720	2 Nov 202013:16	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple vulnerabilties affecting Watson Machine Learning Accelerator on Cloud Pak for Data	12 Dec 202317:39	–	ibm
IBM Security Bulletins	Security Bulletin: A security vulnerability in Node.js node-forge module affects IBM Cloud Automation Manager.	26 Nov 202021:46	–	ibm
BDU FSTEC	The vulnerability of the util.setPath function in the node-fetch library of the Aurora Application Center involves uncontrolled changes to prototype attributes of objects. This allows attackers to execute a “prototype pollution” attack.	9 Jun 202100:00	–	bdu_fstec
CVE	CVE-2020-7720	1 Sep 202009:35	–	cve
Cvelist	CVE-2020-7720 Prototype Pollution	1 Sep 202009:35	–	cvelist

Source	Link
cve	www.cve.org/CVERecord
nvd	www.nvd.nist.gov/vuln/detail/CVE-2020-7720
snyk	www.snyk.io/vuln/SNYK-JS-NODEFORGE-598677
bugzilla	www.bugzilla.redhat.com/show_bug.cgi

20 Apr 2024 01:42Current

3.9Low risk

Vulners AI Score3.9

EPSS0.02085

node-forge prototype pollution util.setpath cve-2020-7720