Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2021/05/06 6:11 p.m.4 views

@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)

deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: OSV:GHSA-RGFV-V3JH-7FFP...

9.8CVSS7.2AI score0.01916EPSS
Exploits1
Cvelist
Cvelist
added 2020/09/01 9:20 a.m.36 views

CVE-2020-7716 Prototype Pollution

All versions of package deeps are vulnerable to Prototype Pollution via the set function...

9.8CVSS9.6AI score0.01916EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 9:20 a.m.49 views

CVE-2020-7716

CVE-2020-7716 affects the npm package deeps and is a prototype pollution vulnerability via the set function. Public sources describe affected versions as older than 1.4.6 (GHSA: all versions up to 1.4.5; PT-2020-19738 states prior to 1.4.6). Root cause: unsafe handling in object merging/set that ...

9.8CVSS9.5AI score0.01916EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2020/08/14 9:36 a.m.5 views

@digiwano/enquirer-experiments (>=0.0.1 <=0.0.3), firepit (=0.0.1) +1 more potentially affected by CVE-2020-7716 via deeps (=1.4.5)

deeps NPM version =1.4.5 is affected by a known vulnerability. The following packages have a transitive dependency on deeps and may be impacted: - @digiwano/enquirer-experiments =0.0.1, =0.0.3 - firepit =0.0.1 - rnfb-cli =1.0.0 Source cves: CVE-2020-7716 Source advisory: SNYK:JS-DEEPS-598667...

9.8CVSS7.2AI score0.01916EPSS
Exploits1
Rows per page
Query Builder