High severityNVD Advisory· Published Feb 4, 2020· Updated Aug 4, 2024
CVE-2020-8116
CVE-2020-8116
Description
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
dot-propnpm | < 4.2.1 | 4.2.1 |
dot-propnpm | >= 5.0.0, < 5.1.1 | 5.1.1 |
Affected products
4- dot-prop/dot-propdescription
- ghsa-coords3 versions
< 4.2.1+ 2 more
- (no CPE)range: < 4.2.1
- (no CPE)range: < 1.18.3-1.module_el8.3.0+2023+d2377ea3
- (no CPE)range: < 17-3.module_el8.4.0+2224+b07ac28e
Patches
Vulnerability mechanics
References
7- github.com/advisories/GHSA-ff7x-qrg7-qggmghsax_refsource_MISCADVISORY
- nvd.nist.gov/vuln/detail/CVE-2020-8116ghsaADVISORY
- github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2ghsaWEB
- github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587ghsaWEB
- github.com/sindresorhus/dot-prop/issues/63ghsax_refsource_MISCWEB
- github.com/sindresorhus/dot-prop/tree/v4ghsax_refsource_MISCWEB
- hackerone.com/reports/719856ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.