This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.
References
Link | Resource |
---|---|
https://snyk.io/vuln/SNYK-JS-JSON8-1017116 | Exploit Third Party Advisory |
https://github.com/sonnyp/JSON8/commit/2e890261b66cbc54ae01d0c79c71b0fd18379e7e | Patch Third Party Advisory |
Configurations
Information
Published : 2020-11-12 03:15
Updated : 2022-12-02 11:44
NVD link : CVE-2020-7770
Mitre link : CVE-2020-7770
JSON object : View
CWE
CWE-1321
Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
Products Affected
json8_project
- json8