CVE-2020-7792

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-7792

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7792.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-7792

Aliases

GHSA-pc58-wgmc-hfjr

Related

SNYK-JAVA-ORGWEBJARS-1050374
SNYK-JAVA-ORGWEBJARSNPM-1050373
SNYK-JS-MOUT-1014544

Published

2020-12-11T11:15:11.633Z

Modified

2026-03-15T22:38:25.694582Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to a Prototype Pollution.

References

Affected packages

Git /

Affected ranges

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-7792.json"