Home > Vulnerability Database > WS-2020-0154

Mend.io Vulnerability Database

WS-2020-0154

Good to know:

Date: September 10, 2020

All versions of json-logic-js are vulnerable to Prototype Pollution. The method operation allows a malicious user to modify the prototype of Object through the method property name. This causes modification of any existing property that will exist on all objects and leads to Remote Code Execution.

Language: JS

Severity Score

4.0

Related Resources (2)

Url: https://www.npmjs.com/advisories/1542

Url: https://www.mend.io/vulnerability-database/WS-2020-0154

Severity Score

4.0

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

Upgrade Version

Upgrade to version 2.0.0

Learn More

CVSS v3

Base Score:	4.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

WS-2020-0154

Good to know:

Date: September 10, 2020

Language: JS

Severity Score

Related Resources (2)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

Do you need more information?