← back
CVE-2020-7600

CVE-2020-7600

EPSS 1.1%
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
Affected products
n/a · querymen

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cefhttps://snyk.io/vuln/SNYK-JS-QUERYMEN-559867