CVE-2020-7616
N/A
N/A
Summary
express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the Object.prototype. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by express-mock-middleware. As such, this is considered to be a low risk.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | express-mock-middleware | All versions including 0.0.6 | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
- https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120
- https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39
References
- https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120
- https://github.com/LingyuCoder/express-mock-middleware/blob/master/lib/index.js#L39
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.