← volver
CVE-2020-7600

CVE-2020-7600

EPSS 1.1%
querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
Productos afectados
n/a · querymen

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cefhttps://snyk.io/vuln/SNYK-JS-QUERYMEN-559867