Vulnerability Details : CVE-2020-28471
This affects the package properties-reader before 2.2.0.
Products affected by CVE-2020-28471
- cpe:2.3:a:properties-reader_project:properties-reader:*:*:*:*:*:node.js:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-28471
0.33%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 71 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-28471
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.8
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
NIST | |
7.3
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L |
3.9
|
3.4
|
Snyk |
CWE ids for CVE-2020-28471
-
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-28471
-
https://github.com/steveukx/properties/issues/40
Snyk - potential prototype pollution · Issue #40 · steveukx/properties · GitHubExploit;Issue Tracking;Third Party Advisory
-
https://github.com/steveukx/properties/commit/0877cc871db9865f58dd9389ce99e61be05380a5
Test case covering the use of `__proto__` as a section name · steveukx/properties@0877cc8 · GitHubPatch;Third Party Advisory
-
https://security.snyk.io/vuln/SNYK-JS-PROPERTIESREADER-1048968
Prototype Pollution in properties-reader | CVE-2020-28471 | SnykExploit;Third Party Advisory
Jump to