CVE-2020-7770

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-7770

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7770.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7770

Aliases

GHSA-7h43-gx24-p529

Related

SNYK-JS-JSON8-1017116

Published

2020-11-12T11:15:11.870Z

Modified

2026-03-13T22:15:29.332709Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.

References

Affected packages

Git / github.com/sonnyp/json8

Affected ranges

Type

GIT

Repo

https://github.com/sonnyp/json8

Events

Introduced

Fixed

e069491061f23cebbba0c0e9709d1923335433d7

Fixed

2e890261b66cbc54ae01d0c79c71b0fd18379e7e

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "1.0.3"
        }
    ]
}

Affected versions

v1.*

v1.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7770.json"