First published: Mon Apr 06 2020(Updated: )
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
Credit: report@snyk.io
Affected Software | Affected Version | How to fix |
---|---|---|
Dot Project Dot | <1.0.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for eivindfjeldstad-dot below 1.0.3 is CVE-2020-7639.
The severity of CVE-2020-7639 is medium with a CVSS score of 5.3.
eivindfjeldstad-dot below 1.0.3 with Node.js is affected by the vulnerability.
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution, allowing modification of 'Object.prototype'.
To fix CVE-2020-7639, update eivindfjeldstad-dot to version 1.0.3 or above.