Home

CVE-2020-8116

Description

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

Risk Information

Base Score
7.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.786

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2020:4272) nodejs:12 security and bug fix update nodejs-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpmLinux
(RHSA-2020:4272) nodejs:12 security and bug fix update nodejs-debugsource-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpmLinux
(RHSA-2020:4272) nodejs:12 security and bug fix update nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpmLinux
(RHSA-2020:4272) nodejs:12 security and bug fix update nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e.noarch.rpmLinux
(RHSA-2020:4272) nodejs:12 security and bug fix update nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e.x86_64.rpmLinux
(RHSA-2020:4272) nodejs:12 security and bug fix update npm-6.14.6-1.12.18.4.2.module+el8.2.0+8361+192e434e.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-debuginfo-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-debugsource-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-devel-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-docs-10.23.1-1.module+el8.3.0+9502+012d8a97.noarch.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-full-i18n-10.23.1-1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-nodemon-1.18.3-1.module+el8+2632+6c5111ed.noarch.rpmLinux
(RHSA-2021:0548)Moderate: security update nodejs-packaging-17-3.module+el8+2873+aa7dfd9a.noarch.rpmLinux
(RHSA-2021:0548)Moderate: security update npm-6.14.10-1.10.23.1.1.module+el8.3.0+9502+012d8a97.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234