CVE-2020-7600

Summary

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.

Affected Software

VendorProductVersion RangeStatus
n/aquerymenAll versions prior to 2.1.4affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References