CVE-2020-8268
09.11.2020, 15:15
Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
| Vendor | Product | Version |
|---|---|---|
| json8-merge-patch_project | json8-merge-patch | 𝑥 < 1.0.3 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-471 - Modification of Assumed-Immutable Data (MAID)The software does not properly protect an assumed-immutable element from being modified by an attacker.
- CWE-20 - Improper Input ValidationThe product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.