4 matches found
CVE-2020-28268
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
gulp-controlled-merge-json (=0.2.1) potentially affected by CVE-2020-28268 via controlled-merge (=1.1.0)
controlled-merge NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on controlled-merge and may be impacted: - gulp-controlled-merge-json =0.2.1 Source cves: CVE-2020-28268 Source advisory: OSV:GHSA-5PG7-V24C-9RP9...
CVE-2020-28268
Prototype pollution vulnerability in 'controlled-merge' versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution...
CVE-2020-28268
The CVE-2020-28268 entry concerns controlled-merge prototype pollution in versions 1.0.0–1.2.0. The root cause is a prototype pollution vulnerability that can cause a denial of service and may lead to remote code execution. Documentation in PT-2020-16958 notes the issue and provides a remediation...