CVE-2020-7770

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-7770

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7770.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7770

Aliases

GHSA-7h43-gx24-p529

Related

SNYK-JS-JSON8-1017116

Published

2020-11-12T11:15:11.870Z

Modified

2025-11-20T11:30:36.808673Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

This affects the package json8 before 1.0.3. The function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.

References

Affected packages

Git / github.com/sonnyp/json8

Affected ranges

Type: GIT
Repo: https://github.com/sonnyp/json8
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

2e890261b66cbc54ae01d0c79c71b0fd18379e7e

Affected versions

v1.*

v1.0.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7770.json"