GHSA-v39h-qm32-8gwq

Source
https://github.com/advisories/GHSA-v39h-qm32-8gwq
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-v39h-qm32-8gwq/GHSA-v39h-qm32-8gwq.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-v39h-qm32-8gwq
Aliases
Published
2021-12-09T19:57:29Z
Modified
2026-03-13T22:11:18.287185Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware
Details

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Functions exported by the package can be tricked into adding or modifying properties of Object.prototype. Exploitation requires creating a new directory in which attack code can be placed, which express-mock-middleware will then export. As such, this is considered to be low risk.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2021-05-25T17:28:15Z",
    "cwe_ids": [
        "CWE-1321",
        "CWE-915"
    ],
    "severity": "MODERATE",
    "nvd_published_at": "2020-04-07T14:15:00Z"
}
References

Affected packages

npm / express-mock-middleware

Package

Name
express-mock-middleware
Purl
pkg:npm/express-mock-middleware

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
0.0.6

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/12/GHSA-v39h-qm32-8gwq/GHSA-v39h-qm32-8gwq.json"