3 matches found
@ardier16/node-lb (>=1.0.0 <=2.0.0), @economist/backstopjs (>=0.0.1 <=0.0.3) +138 more potentially affected by CVE-2020-7679 via casperjs (>=1.1.0-beta3 <=1.1.4)
casperjs NPM version =1.1.0-beta3, =1.0.0, =0.0.1, =0.1.0, =1.2.0, =0.4.0, =0.1.0, =0.0.2, =3.40.4-ez-bin.7, =0.0.1, =0.0.2, =0.0.3 - autocallinjs =1.0.0 and more Source cves: CVE-2020-7679 Source advisory: OSV:GHSA-VRR3-5R3V-7XFW...
CVE-2020-7679
In all versions of package casperjs, the mergeObjects utility function is susceptible to Prototype Pollution...
CVE-2020-7679
CasperJS is affected by a Prototype Pollution vulnerability in the mergeObjects utility function across all versions. The issue allows an attacker to inject properties into Object.prototype (via proto or similar paths), potentially polluting prototypes and enabling unintended behavior. Documented...