Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for dot-prop by dot-prop_project

    CVE-2020-8116 (GCVE-0-2020-8116)

    Vulnerability from nvd – Published: 2020-02-04 19:08 – Updated: 2024-08-04 09:48
    VLAI
    Summary
    Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
    Severity
    No CVSS data available.
    CWE
    • CWE-471 - Modification of Assumed-Immutable Data (MAID) (CWE-471)
    Assigner
    Impacted products
    Vendor Product Version
    n/a dot-prop Affected: before 4.2.1
    Affected: 5.x before 5.1.1
    Affected: Fixed in 5.1.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.632Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/719856"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sindresorhus/dot-prop/issues/63"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dot-prop",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.x before 5.1.1"
                },
                {
                  "status": "affected",
                  "version": "Fixed in 5.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-471",
                  "description": "Modification of Assumed-Immutable Data (MAID) (CWE-471)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-10T14:12:12.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/719856"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sindresorhus/dot-prop/issues/63"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2020-8116",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dot-prop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 4.2.1"
                              },
                              {
                                "version_value": "5.x before 5.1.1"
                              },
                              {
                                "version_value": "Fixed in 5.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/719856",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/719856"
                },
                {
                  "name": "https://github.com/sindresorhus/dot-prop/tree/v4",
                  "refsource": "MISC",
                  "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
                },
                {
                  "name": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm",
                  "refsource": "MISC",
                  "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
                },
                {
                  "name": "https://github.com/sindresorhus/dot-prop/issues/63",
                  "refsource": "MISC",
                  "url": "https://github.com/sindresorhus/dot-prop/issues/63"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2020-8116",
        "datePublished": "2020-02-04T19:08:57.000Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:48:25.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-8116 (GCVE-0-2020-8116)

    Vulnerability from cvelistv5 – Published: 2020-02-04 19:08 – Updated: 2024-08-04 09:48
    VLAI
    Summary
    Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
    Severity
    No CVSS data available.
    CWE
    • CWE-471 - Modification of Assumed-Immutable Data (MAID) (CWE-471)
    Assigner
    Impacted products
    Vendor Product Version
    n/a dot-prop Affected: before 4.2.1
    Affected: 5.x before 5.1.1
    Affected: Fixed in 5.1.1
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T09:48:25.632Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://hackerone.com/reports/719856"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://github.com/sindresorhus/dot-prop/issues/63"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "dot-prop",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "before 4.2.1"
                },
                {
                  "status": "affected",
                  "version": "5.x before 5.1.1"
                },
                {
                  "status": "affected",
                  "version": "Fixed in 5.1.1"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-471",
                  "description": "Modification of Assumed-Immutable Data (MAID) (CWE-471)",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-09-10T14:12:12.000Z",
            "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
            "shortName": "hackerone"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://hackerone.com/reports/719856"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://github.com/sindresorhus/dot-prop/issues/63"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "support@hackerone.com",
              "ID": "CVE-2020-8116",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "dot-prop",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "before 4.2.1"
                              },
                              {
                                "version_value": "5.x before 5.1.1"
                              },
                              {
                                "version_value": "Fixed in 5.1.1"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Modification of Assumed-Immutable Data (MAID) (CWE-471)"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://hackerone.com/reports/719856",
                  "refsource": "MISC",
                  "url": "https://hackerone.com/reports/719856"
                },
                {
                  "name": "https://github.com/sindresorhus/dot-prop/tree/v4",
                  "refsource": "MISC",
                  "url": "https://github.com/sindresorhus/dot-prop/tree/v4"
                },
                {
                  "name": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm",
                  "refsource": "MISC",
                  "url": "https://github.com/advisories/GHSA-ff7x-qrg7-qggm"
                },
                {
                  "name": "https://github.com/sindresorhus/dot-prop/issues/63",
                  "refsource": "MISC",
                  "url": "https://github.com/sindresorhus/dot-prop/issues/63"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "assignerShortName": "hackerone",
        "cveId": "CVE-2020-8116",
        "datePublished": "2020-02-04T19:08:57.000Z",
        "dateReserved": "2020-01-28T00:00:00.000Z",
        "dateUpdated": "2024-08-04T09:48:25.632Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }