MGASA-2020-0230

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0230.html

Import Source

https://advisories.mageia.org/MGASA-2020-0230.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0230

Related

CVE-2019-10747

Published

2020-05-27T00:46:12Z

Modified

2020-05-27T00:14:32Z

Summary

Updated nodejs-set-value packages fix security vulnerability

Details

Updated nodejs-set-value package fixes security vulnerability:

A vulnerability was found in NOdejs set-value, where set-value is vulnerable to prototype Pollution in versions lower than 3.0.1. The function mixin-deep could be tricked into adding or modifying properties of Object.prototype using any of the constructor, prototype and proto payloads (CVE-2019-10747).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / nodejs-set-value

Package

Name: nodejs-set-value
Purl: pkg:rpm/mageia/nodejs-set-value?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.0.2-1.mga7

Ecosystem specific

{
    "section": "core"
}