2 matches found
@alexeimyshkouski/json-api (=0.0.1), @cyber-crafts/ltc-core (=1.0.0) +13 more potentially affected by CVE-2020-7770 via json8 (>=0.1.0 <=0.9.2)
json8 NPM version =0.1.0, =0.0.10, =0.4.0, =0.2.0, =1.1.0, =1.3.0, =2.0.2, =1.0.0, =1.1.1, =1.2.3, =1.3.0 - yaml-scheme =1.0.2 Source cves: CVE-2020-7770 Source advisory: OSV:GHSA-7H43-GX24-P529...
CVE-2020-7770
The CVE-2020-7770 entry concerns json8 before 1.0.3. A function that adds a property to a target object does not properly validate the key being set, enabling prototype pollution. Affected versions are prior to 1.0.3; remediation is to upgrade json8 to version 1.0.3 or later. Other linked advisor...