High severityOSV Advisory· Published Sep 1, 2020· Updated Sep 16, 2024
Prototype Pollution
CVE-2020-7720
Description
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
node-forgenpm | < 0.10.0 | 0.10.0 |
Affected products
2- Range: 0.1.10, 0.1.11, 0.1.12, …
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-92xj-mqp7-vmcjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-7720ghsaADVISORY
- github.com/digitalbazaar/forge/blob/master/CHANGELOG.mdghsax_refsource_CONFIRMWEB
- github.com/digitalbazaar/forge/blob/master/CHANGELOG.mdghsaWEB
- github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756ghsaWEB
- snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293ghsax_refsource_MISCWEB
- snyk.io/vuln/SNYK-JS-NODEFORGE-598677ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.