5 matches found
@decentverse/server (>=0.0.1 <=0.0.148), @swapscanner/truffle-hdwallet-provider-klaytn (=1.4.2) +18 more potentially affected by CVE-2020-7717 via dot-notes (>=1.1.1 <=3.1.1)
dot-notes NPM version =1.1.1, =0.0.1, =1.0.0, =1.0.0, =1.0.1, =1.4.0, =1.0.0, =1.6.4, =0.3.1, =0.0.1, =1.0.0, =0.0.1, =0.1.1 and more Source cves: CVE-2020-7717 Source advisory: OSV:GHSA-QR4M-JCVC-3382...
CVE-2020-7717
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...
CVE-2020-7717 Prototype Pollution
All versions of package dot-notes are vulnerable to Prototype Pollution via the create function...
CVE-2020-7717
CVE-2020-7717 affects the npm package dot-notes. The connected documents clearly describe a prototype pollution flaw in the create function, enabling an attacker to inject properties into object prototypes. The scope covers versions prior to 3.2.1, with remediation recommending an update to 3.2.1...
@decentverse/server (>=0.0.1 <=0.0.148), @swapscanner/truffle-hdwallet-provider-klaytn (=1.4.2) +18 more potentially affected by CVE-2020-7717 via dot-notes (=3.1.1)
dot-notes NPM version =3.1.1 is affected by a known vulnerability. The following packages have a transitive dependency on dot-notes and may be impacted: - @decentverse/server =0.0.1, =1.0.0, =1.0.0, =1.0.1, =1.4.0, =1.0.0, =1.6.4, =0.0.1, =1.0.0, =0.0.1, =0.1.1 and more Source cves: CVE-2020-7717...