CVE-2020-7766

Summary

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

Affected Software

VendorProductVersion RangeStatus
n/ajson-ptr0 < unspecifiedaffected

Weaknesses

  • Prototype Pollution

ADP Enrichment

CVE Program Container

Additional References

References