Prototype pollution vulnerability in json8-merge-patch npm package < 1.0.3 may allow attackers to inject or modify methods and properties of the global object constructor.
References
Link | Resource |
---|---|
https://hackerone.com/reports/980649 | Exploit Issue Tracking Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: hackerone
Published: 2020-11-09T14:06:21
Updated: 2020-11-09T14:06:21
Reserved: 2020-01-28T00:00:00
Link: CVE-2020-8268
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-11-09T15:15:13.523
Modified: 2020-11-18T15:02:24.330
Link: CVE-2020-8268
JSON object: View
Redhat Information
No data.