3 matches found
grunt-git-describe (>=2.3.1 <=2.4.4), grunt-git-describe-plus (=2.3.3-0) +3 more potentially affected by CVE-2020-7641 via grunt-util-property (=0.0.2)
grunt-util-property NPM version =0.0.2 is affected by a known vulnerability. The following packages have a transitive dependency on grunt-util-property and may be impacted: - grunt-git-describe =2.3.1, =0.1.5, =0.0.1, =0.0.4 Source cves: CVE-2020-7641 Source advisory: OSV:GHSA-4HQ8-JGR8-MW9J...
CVE-2020-7641 Prototype Pollution
This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a proto payload...
CVE-2020-7641
CVE-2020-7641 affects the npm package grunt-util-property (all versions). The vulnerability is prototype pollution: the function call could be tricked into adding or modifying properties of Object.prototype using a proto payload, enabling an attacker to modify base object behavior. Public descrip...