CVE-2020-7720

Prototype Pollution

CVSS 9.8 CRITICALEPSS 3.2%

The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C

Produtos afetados

n/a · node-forge

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293 https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677