Moderate severityNVD Advisory· Published Mar 11, 2020· Updated Aug 4, 2024
CVE-2020-7598
CVE-2020-7598
Description
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
minimistnpm | < 0.2.1 | 0.2.1 |
minimistnpm | >= 1.0.0, < 1.2.3 | 1.2.3 |
Affected products
57- minimist/minimistdescription
- ghsa-coords56 versionspkg:npm/minimistpkg:rpm/almalinux/nodejs-nodemonpkg:rpm/almalinux/nodejs-packagingpkg:rpm/opensuse/nodejs8&distro=openSUSE%20Leap%2015.1pkg:rpm/suse/branch-network-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/cobbler&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/dhcpd-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/grafana-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/image-sync-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP1pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs10&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/nodejs12&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs6&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/nodejs6&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/nodejs6&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/nodejs6&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-ESPOSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP1pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2015%20SP2pkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%2015-LTSSpkg:rpm/suse/nodejs8&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015pkg:rpm/suse/openvpn-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/patterns-suse-manager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/prometheus-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/pxe-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/py26-compat-salt&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/python-susemanager-retail&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/saltboot-formula&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/spacewalk-backend&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/spacewalk-certs-tools&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/spacewalk-client-tools&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-java&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-proxy-installer&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/spacewalk-utils&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/spacewalk-web&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-doc-indexes&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-docs_en&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-schema&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-sls&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-tftpsync&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/susemanager-tftpsync-recv&distro=SUSE%20Manager%20Proxy%20Module%204.0pkg:rpm/suse/virtual-host-gatherer&distro=SUSE%20Manager%20Server%20Module%204.0pkg:rpm/suse/virtualization-host-formula&distro=SUSE%20Manager%20Server%20Module%204.0
< 0.2.1+ 55 more
- (no CPE)range: < 0.2.1
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
- (no CPE)range: < 8.17.0-lp151.2.15.1
- (no CPE)range: < 0.1.1583842676.2fc2fa6-3.13.2
- (no CPE)range: < 3.0.0+git20190806.32c4bae0-7.10.2
- (no CPE)range: < 0.1.1583829431.db6edda-3.11.2
- (no CPE)range: < 0.2-4.7.2
- (no CPE)range: < 0.1.1585064259.12b97ef-3.14.2
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.24.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 10.21.0-1.21.1
- (no CPE)range: < 12.18.0-1.14.1
- (no CPE)range: < 6.17.1-11.37.1
- (no CPE)range: < 6.17.1-11.37.1
- (no CPE)range: < 6.17.1-11.37.1
- (no CPE)range: < 6.17.1-11.37.1
- (no CPE)range: < 8.17.0-3.32.1
- (no CPE)range: < 8.17.0-3.32.1
- (no CPE)range: < 8.17.0-3.32.1
- (no CPE)range: < 8.17.0-10.3.1
- (no CPE)range: < 8.17.0-3.32.1
- (no CPE)range: < 8.17.0-3.32.1
- (no CPE)range: < 0.1-4.3.1
- (no CPE)range: < 4.0-9.13.2
- (no CPE)range: < 4.0-9.13.2
- (no CPE)range: < 0.2-4.10.2
- (no CPE)range: < 0.1.1586937953.e458f5c-3.14.2
- (no CPE)range: < 2016.11.10-10.14.2
- (no CPE)range: < 1.0.1583842676.2fc2fa6-3.16.2
- (no CPE)range: < 0.1.1587051918.6bc9e88-3.10.2
- (no CPE)range: < 4.0.31-3.26.3
- (no CPE)range: < 4.0.31-3.26.3
- (no CPE)range: < 4.0.16-3.18.2
- (no CPE)range: < 4.0.16-3.18.2
- (no CPE)range: < 4.0.13-3.16.2
- (no CPE)range: < 4.0.13-3.16.2
- (no CPE)range: < 4.0.5-3.3.2
- (no CPE)range: < 4.0.32-3.26.2
- (no CPE)range: < 4.0.12-3.3.2
- (no CPE)range: < 4.0.17-3.18.2
- (no CPE)range: < 4.0.20-3.21.3
- (no CPE)range: < 4.0.20-3.21.3
- (no CPE)range: < 4.0.23-3.23.3
- (no CPE)range: < 4.0-10.21.2
- (no CPE)range: < 4.0-10.21.2
- (no CPE)range: < 4.0.19-3.20.2
- (no CPE)range: < 4.0.25-3.20.2
- (no CPE)range: < 4.0.6-3.3.2
- (no CPE)range: < 4.0.6-3.3.2
- (no CPE)range: < 1.0.20-3.6.2
- (no CPE)range: < 0.3-4.6.2
Patches
Vulnerability mechanics
References
9- lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.htmlghsavendor-advisoryx_refsource_SUSEWEB
- github.com/advisories/GHSA-vh95-rmgr-6w4mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7598ghsaADVISORY
- github.com/minimistjs/minimist/commit/10bd4cdf49d9686d48214be9d579a9cdfda37c68ghsaWEB
- github.com/minimistjs/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9abghsaWEB
- github.com/minimistjs/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11fghsaWEB
- github.com/minimistjs/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94ghsaWEB
- snyk.io/vuln/SNYK-JS-MINIMIST-559764ghsax_refsource_MISCWEB
- www.npmjs.com/advisories/1179ghsaWEB
News mentions
0No linked articles in our index yet.