CVE-2020-7637
N/A
N/A
Summary
class-transformer before 0.3.1 allow attackers to perform Prototype Pollution. The classToPlainFromExist function could be tricked into adding or modifying properties of Object.prototype using a proto payload.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | class-transformer | All versions prior to version 0.3.1 | affected |
Weaknesses
- Prototype Pollution
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/typestack/class-transformer/commit/8f04eb9db02de708f1a20f6f2d2bb309b2fed01e
- https://snyk.io/vuln/SNYK-JS-CLASSTRANSFORMER-564431
References
- https://github.com/typestack/class-transformer/commit/8f04eb9db02de708f1a20f6f2d2bb309b2fed01e
- https://snyk.io/vuln/SNYK-JS-CLASSTRANSFORMER-564431
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.