High severityNVD Advisory· Published Mar 15, 2020· Updated Aug 4, 2024

CVE-2020-8141

Description

The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
dotnpm	< 1.1.3	1.1.3

Affected products

ghsa-coords
pkg:npm/dot
Range: < 1.1.3
Alexpinel/Dotv5
Range: 1.1.2

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-297x-8xj4-vcxvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2020-8141ghsaADVISORY
hackerone.com/reports/390929ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000