CVE-2020-8268

Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
References
Link Resource
https://hackerone.com/reports/980649 Exploit Issue Tracking Third Party Advisory
https://hackerone.com/reports/980649 Exploit Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:json8-merge-patch_project:json8-merge-patch:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 05:38

Type Values Removed Values Added
References () https://hackerone.com/reports/980649 - Exploit, Issue Tracking, Third Party Advisory () https://hackerone.com/reports/980649 - Exploit, Issue Tracking, Third Party Advisory

Information

Published : 2020-11-09 15:15

Updated : 2024-11-21 05:38


NVD link : CVE-2020-8268

Mitre link : CVE-2020-8268

CVE.ORG link : CVE-2020-8268


JSON object : View

Products Affected

json8-merge-patch_project

  • json8-merge-patch
CWE
CWE-471

Modification of Assumed-Immutable Data (MAID)

CWE-20

Improper Input Validation