CVE-2020-7598
MEDIUM 5.6 / EPSS 0.19% / Prototype Pollution in minimist
Published: 2020/4/3 / Modified: 2026/4/28
Description
minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.
Affected packages (2)
- Debian/node-minimist: from 0, < 1.2.5-1
- npm/minimist: from 0, < 0.2.1
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
References (10)
- ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2020-7598
- ADVISORY: https://security-tracker.debian.org/tracker/CVE-2020-7598
- PATCH: https://github.com/substack/minimist
- WEB: http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00024.html
- WEB: https://github.com/minimistjs/minimist/commit/10bd4cdf49d9686d48214be9d579a9cdfda37c68
- WEB: https://github.com/minimistjs/minimist/commit/38a4d1caead72ef99e824bb420a2528eec03d9ab
- WEB: https://github.com/minimistjs/minimist/commit/4cf1354839cb972e38496d35e12f806eea92c11f#diff-a1e0ee62c91705696ddb71aa30ad4f95
- WEB: https://github.com/minimistjs/minimist/commit/63e7ed05aa4b1889ec2f3b196426db4500cbda94
- WEB: https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
- WEB: https://www.npmjs.com/advisories/1179