2 matches found
access-token (=0.1.1), assign (>=0.1.0 <=0.1.4) +25 more potentially affected by CVE-2020-28280 via predefine (>=0.0.1 <=0.0.6)
predefine NPM version =0.0.1, =0.1.0, =0.0.1, =0.2.1, =0.1.0, =0.0.1, =0.0.0, =0.0.0, =0.0.0, =0.0.1, =0.0.2, =0.0.2, =0.0.2, =0.0.4 and more Source cves: CVE-2020-28280 Source advisory: OSV:GHSA-MX3X-GHQM-R43H...
CVE-2020-28280
The CVE-2020-28280 entry concerns the Node.js package/code path for predefine . Affected versions are 0.0.0 through 0.1.2 , where a prototype pollution vulnerability exists due to unsafe object or prototype handling. The underlying impact, as described in connected documents, includes potential d...