Lucene search
K

4 matches found

vulnersOsv
vulnersOsv
added 2021/05/10 3:59 p.m.5 views

grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)

tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...

9.8CVSS7.2AI score0.01916EPSS
Exploits1
NVD
NVD
added 2020/09/01 10:15 a.m.22 views

CVE-2020-7724

All versions of package tiny-conf are vulnerable to Prototype Pollution via the set function...

9.8CVSS9.6AI score0.01916EPSS
Exploits1References1
CVE
CVE
added 2020/09/01 9:45 a.m.48 views

CVE-2020-7724

CVE-2020-7724 affects the tiny-conf package: prototype pollution via the set function. Affected versions are all up to and including 1.1.0; no fixed version is available. Documents describe the vulnerability as enabling property pollution on Object.prototype, with potential DoS or broader impact,...

9.8CVSS9.5AI score0.01916EPSS
Exploits1References1Affected Software1
vulnersOsv
vulnersOsv
added 2020/08/17 1:52 p.m.4 views

grunt-kevoree (>=0.3.0 <=6.0.0-alpha.1), grunt-kevoree-registry (>=3.0.0 <=4.0.0-alpha) +9 more potentially affected by CVE-2020-7724 via tiny-conf (=1.1.0)

tiny-conf NPM version =1.1.0 is affected by a known vulnerability. The following packages have a transitive dependency on tiny-conf and may be impacted: - grunt-kevoree =0.3.0, =3.0.0, =5.7.0, =4.0.0, =5.5.0-alpha, =0.3.0, =1.6.0, =1.0.0-alpha, =1.0.1, =1.0.0, =1.0.2 Source cves: CVE-2020-7724...

9.8CVSS7.2AI score0.01916EPSS
Exploits1
Rows per page
Query Builder