CVE-2020-8116
Summary
| CVE | CVE-2020-8116 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-02-04 20:15:00 UTC |
| Updated | 2022-08-05 19:32:00 UTC |
| Description | Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. |
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| GitHub - sindresorhus/dot-prop at v4 | MISC | github.com | |
| HackerOne | MISC | hackerone.com | Exploit, Third Party Advisory |
| Please backport CVE-2020-8116 security fix to 4.x. · Issue #63 · sindresorhus/dot-prop · GitHub | MISC | github.com | |
| Prototype Pollution in dot-prop · CVE-2020-8116 · GitHub Advisory Database · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 378599 Splunk Enterprise Third Party Package Updates for June (SVD-2023-0613)
- 940128 AlmaLinux Security Update for nodejs:12 (ALSA-2020:4272)
- 940231 AlmaLinux Security Update for nodejs:10 (ALSA-2021:0548)
- 960230 Rocky Linux Security Update for nodejs:12 (RLSA-2020:4272)
- 960843 Rocky Linux Security Update for nodejs:10 (RLSA-2021:0548)
- 982626 Nodejs (npm) Security Update for dot-prop (GHSA-ff7x-qrg7-qggm)