4 matches found
CVE-2020-7644
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...
gossip-object (>=0.1.0 <=2.3.4), gossipdb (>=0.1.1 <=0.1.5) +2 more potentially affected by CVE-2020-7644 via fun-map (>=2.0.1 <=3.3.1)
fun-map NPM version =2.0.1, =0.1.0, =0.1.1, =0.0.0, =0.2.0, =1.0.0 Source cves: CVE-2020-7644 Source advisory: OSV:GHSA-P33M-7W7F-GMJ8...
CVE-2020-7644
CVE-2020-7644 affects fun-map up to version 3.3.1, with prototype pollution via the assocInM function that can add/modify Object.prototype properties using a proto payload. Reported across NVD and multiple feeds (Red Hat, GHSA, OSV, CNVD, CN...); CVSS scores indicate 6.8 (2.0/AV:N/AC:M) and 8.1 (...
CVE-2020-7644
fun-map through 3.3.1 is vulnerable to Prototype Pollution. The function assocInM could be tricked into adding or modifying properties of 'Object.prototype' using a 'proto' payload...