CVE-2020-7770
Prototype pollution in json8
9.8
CRITICAL
CVSS 3.1
EPSS 0.33%
Description
This affects the package json8 before 1.0.3. The function adds the property specified in the path to the target object but does not properly check the key being set, leading to prototype pollution.
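The missing key check described above, shown as an added example that is not json8's source code: `setUnchecked`, `setChecked`, `FORBIDDEN`, `demo` and the sample path are hypothetical names and constructed values, and the path is assumed to be an array of keys.

```javascript
// Hypothetical path setter with no key check (illustrative, NOT json8's code).
// It follows inherited properties, so a path that starts at "__proto__"
// ends up writing to Object.prototype instead of the target.
function setUnchecked(target, path, value) {
  let node = target;
  for (const key of path.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[path[path.length - 1]] = value;
  return target;
}

// Keys that reach a prototype and must never be used as path segments.
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);
const own = (obj, key) => Object.prototype.hasOwnProperty.call(obj, key);
const data = (value) => ({ value, writable: true, enumerable: true, configurable: true });

// Hardened form: reject forbidden keys, walk only own properties, and
// create every property with defineProperty so no inherited setter runs.
function setChecked(target, path, value) {
  if (!Array.isArray(path) || path.length === 0) {
    throw new TypeError('path must be a non-empty array of keys');
  }
  let node = target;
  path.forEach((rawKey, i) => {
    const key = String(rawKey);
    if (FORBIDDEN.has(key)) throw new Error(`refusing path segment "${key}"`);
    if (i === path.length - 1) {
      Object.defineProperty(node, key, data(value));
      return;
    }
    if (!own(node, key) || typeof node[key] !== 'object' || node[key] === null) {
      Object.defineProperty(node, key, data({}));
    }
    node = node[key];
  });
  return target;
}

// Constructed sample path; runs both setters and cleans up after itself.
function demo() {
  const path = ['__proto__', 'constructedFlag'];
  setUnchecked({}, path, true);
  const leaked = ({}).constructedFlag === true;   // unrelated object is affected
  delete Object.prototype.constructedFlag;        // undo the pollution
  let rejected = false;
  try { setChecked({}, path, true); } catch (e) { rejected = true; }
  const clean = ({}).constructedFlag === undefined;
  return { leaked, rejected, clean, normal: setChecked({}, ['a', 'b'], 1) };
}
```

A guard like this is defence in depth for code that sets properties from untrusted paths; for this CVE the remediation remains the upgrade to 1.0.3 or later.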
How to fix CVE-2020-7770
To remediate CVE-2020-7770, upgrade the affected package to a fixed version below.
- npm/json8—upgrade to 1.0.3 or later
Is CVE-2020-7770 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- npm/json8: from 0, < 1.0.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |