GHSA-4hq8-jgr8-mw9j

Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/07/GHSA-4hq8-jgr8-mw9j/GHSA-4hq8-jgr8-mw9j.json

Aliases

CVE-2020-7641

Published

2022-07-18T00:00:33Z

Modified

2022-08-05T15:54:03Z

Details

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

References

https://nvd.nist.gov/vuln/detail/CVE-2020-7641
https://github.com/mikaelkaron/grunt-util-property
https://github.com/mikaelkaron/grunt-util-property/blob/master/main.js%23L41
https://security.snyk.io/vuln/SNYK-JS-GRUNTUTILPROPERTY-565088

Affected packages

npm / grunt-util-property

grunt-util-property

Affected ranges

Type: SEMVER
Events: Introduced

0

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 0.0.2"
}