2 matches found
CVE-2020-8268
Prototype pollution vulnerability in json8-merge-patch npm package 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor...
CVE-2020-8268
The CVE-2020-8268 entry relates to the json8-merge-patch npm package. Affected software: json8-merge-patch prior to version 1.0.3. Root cause: the apply function fails to restrict access to object prototypes, enabling prototype pollution. Potential impact: modification of for-prototype behavior w...