CVE-2020-8116

Summary

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Affected Software

VendorProductVersion RangeStatus
n/adot-propbefore 4.2.1affected
n/adot-prop5.x before 5.1.1affected
n/adot-propFixed in 5.1.1affected

Weaknesses

  • CWE-471: Modification of Assumed-Immutable Data (MAID) (CWE-471)

ADP Enrichment

CVE Program Container

Additional References

References