Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

WS-2020-0345

Good to know:

icon
icon

Date: July 3, 2020

Prototype Pollution vulnerability was found in jsonpointer before 4.1.0 via the set function.

Language: JS

Severity Score

Related Resources (2)

https://github.com/janl/node-jsonpointer/commit/234e3437019c6c07537ed2ad1e03b3e132b85e34
https://www.mend.io/vulnerability-database/WS-2020-0345

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

Top Fix

icon

Upgrade Version

Upgrade to version chrisbraybrooke/laravel-ecommerce - 0.0.56;chrisbraybrooke/laravel-ecommerce - 0.0.11;chrisbraybrooke/laravel-ecommerce - dev-form-field-key;node-sass-bundle - 1.0.2;node-sass-bundle - no_fix;pwptemplatepusintek - no_fix;jquery - 3.4.0;Raml.Parser - 1.0.7;Tinfoil - no_fix;yuan1994/wechat_web_devtools - 0.15.152901-core;mpcmf/mpcmf-web-app - 1.0.0.x-dev;mpcmf/mpcmf-web-app - no_fix;neon-sys - 0.1.11;jsdom - 11.11.0;seidemann-web/wave-theme - dev-WT-36/Sticky-Header-Fixes;seidemann-web/wave-theme - dev-fixUpLanguageConstants;seidemann-web/wave-theme - no_fix;seidemann-web/wave-theme - dev-omage-theme;Betclic.BuildTools.Node - no_fix;MIDIator.WebClient - 1.0.105;zombie.js - no_fix;azure-cli - no_fix;svg2png - no_fix;z3/t3build-node - 1.0.11;kayrules/solatjakim-api-site - dev-version-1.0;nanny-sys - no_fix;jsonpointer - 4.1.0;Npm.js - no_fix;NodeBin - no_fix;ilhanet/erpnet-widget-resource - no_fix;trezebits/trezevel-gallery - no_fix;nodejs - 8.8.1;computerundsound/curserver - no_fix;computerundsound/curserver - 2.2.0;erdiko/user-admin - no_fix;erdiko/user-admin - dev-ER-91;spiral/toolkit - v0.8.18;spiral/toolkit - v0.8.20;spiral/toolkit - v0.9.0;Ncapsulate.Node.Shadow - no_fix;oburatongoi/productivity - 0.3.36;oburatongoi/productivity - 0.0.13;Tools.Npm - no_fix;humanmade/coding-standards - dev-dependabot/npm_and_yarn/json-schema-0.4.0;humanmade/coding-standards - v0.4.1;Npm - no_fix;Yarn.MSBuild - 0.22.0;Npm3 - no_fix;dreamfactory/df-api-docs-ui - 1.1.0;limefamily/yii2-limetheme - 1.0.12;oxid-esales/wave-theme - dev-oxscript-google-analytics;Yarnpkg.Yarn - 0.26.1;org.webjars:npm:4.4.4;org.webjars:npm:4.0.2;org.webjars.npm:bower:1.8.12;org.webjars.npm:bourbon-neat:2.1.0;org.webjars:browser-sync:no_fix;org.webjars.npm:jsonpointer:4.1.0

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): NONE
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

Do you need more information?

Contact Us