4 matches found
CVE-2020-28478
This affects the package gsap before 3.6.0...
CVE-2020-28478
The CVE-2020-28478 entry concerns the gsap JavaScript library with a Prototype Pollution vulnerability affecting all versions before 3.6.0. The connected documents corroborate that an attacker could pollute Object.prototype via unsafe recursive merges or path-based property definitions, enabling ...
CVE-2020-28478 Prototype Pollution
This affects the package gsap before 3.6.0...
03-three_basic (=1.0.0), 3d-configurator-test (>=0.1.0 <=0.4.0) +2279 more potentially affected by CVE-2020-28478 via gsap (>=3.0.4 <=3.5.1)
gsap NPM version =3.0.4, =0.1.0, =0.0.2, =0.1.1, =1.0.0, =0.0.1, =8.0.1-para-beta.0, =13.351.0, =13.351.3, =7.10.0, =7.10.0, =0.0.2, =0.3.9 and more Source cves: CVE-2020-28478 Source advisory: SNYK:JS-GSAP-1054614...