CVE-2020-7600

Source
https://nvd.nist.gov/vuln/detail/CVE-2020-7600
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7600.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-7600
Aliases
Related
  • SNYK-JS-QUERYMEN-559867
Published
2020-03-12T23:15:12Z
Modified
2025-01-15T01:46:17.410559Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.

References

Affected packages

Git / github.com/diegohaz/querymen

Affected ranges

Type
GIT
Repo
https://github.com/diegohaz/querymen
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

v0.*

v0.1.1
v0.1.3
v0.1.4
v0.2.0
v0.3.0
v0.3.1
v0.3.2
v0.4.0
v0.5.0

v1.*

v1.0.0
v1.0.1
v1.0.2
v1.0.3
v1.0.4
v1.0.5
v1.1.0

v2.*

v2.0.0
v2.1.0
v2.1.1
v2.1.2
v2.1.3