CVE-2020-7616

Summary

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the Object.prototype. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by express-mock-middleware. As such, this is considered to be a low risk.

Affected Software

VendorProductVersion RangeStatus
n/aexpress-mock-middlewareAll versions including 0.0.6affected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References