CVE-2020-36632

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-36632

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-36632.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-36632

Aliases

GHSA-2j2x-2gpw-g8fm

Related

UBUNTU-CVE-2020-36632

Published

2022-12-25T20:15:25Z

Modified

2025-01-15T01:45:33.094466Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

A vulnerability, which was classified as critical, was found in hughsk flat up to 5.0.0. This affects the function unflatten of the file index.js. The manipulation leads to improperly controlled modification of object prototype attributes ('prototype pollution'). It is possible to initiate the attack remotely. Upgrading to version 5.0.1 is able to address this issue. The name of the patch is 20ef0ef55dfa028caddaedbcb33efbdb04d18e13. It is recommended to upgrade the affected component. The identifier VDB-216777 was assigned to this vulnerability.

References

Affected packages

Git / github.com/hughsk/flat

Affected ranges

Type: GIT
Repo: https://github.com/hughsk/flat
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

20ef0ef55dfa028caddaedbcb33efbdb04d18e13

Fixed

20ef0ef55dfa028caddaedbcb33efbdb04d18e13

Affected versions

3.*

3.0.0

4.*

4.0.0

4.1.0

5.*

5.0.0

v1.*

v1.0.0

v1.1.0

v1.2.0

v1.2.1

v1.3.0

v1.4.0

v1.5.0

v1.5.1

v1.6.0

v1.6.1

v2.*

v2.0.0

v2.0.1