High severityNVD Advisory· Published Jan 19, 2021· Updated Sep 16, 2024
Prototype Pollution
CVE-2020-28478
Description
This affects the package gsap before 3.6.0.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gsapnpm | < 3.6.0 | 3.6.0 |
Affected products
2- gsap/gsapdescription
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-6g8v-hpgw-h2v7ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-28478ghsaADVISORY
- github.com/greensock/GSAP/blob/master/src/gsap-core.jsghsaWEB
- github.com/greensock/GSAP/blob/master/src/gsap-core.js%23L147ghsax_refsource_MISCWEB
- github.com/greensock/GSAP/releases/tag/3.6.0ghsaWEB
- snyk.io/vuln/SNYK-JS-GSAP-1054614ghsax_refsource_MISCWEB
- www.npmjs.com/package/gsap/v/3.6.0ghsaWEB
News mentions
0No linked articles in our index yet.