CVE-2020-8147
03.04.2020, 21:15
Flaw in input validation in npm package utils-extend version 1.0.8 and earlier may allow prototype pollution attack that may result in remote code execution or denial of service of applications using utils-extend.
| Vendor | Product | Version |
|---|---|---|
| utils-extend_project | utils-extend | 𝑥 ≤ 1.0.8 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-471 - Modification of Assumed-Immutable Data (MAID)The software does not properly protect an assumed-immutable element from being modified by an attacker.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.