← volver
CVE-2020-7720

Prototype Pollution

CVSS 9.8 CRITICALEPSS 3.2%
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C
Productos afectados
n/a · node-forge

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.mdhttps://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677