Prototype pollution in pathval · CVE-2020-7751 · GitHub Advisory Database · GitHub

Prototype pollution in pathval

High severity GitHub Reviewed Published Feb 10, 2022 to the GitHub Advisory Database • Updated Feb 1, 2023

Package

pathval (npm)

Affected versions

< 1.1.1

Patched versions

1.1.1

Description

A prototype pollution vulnerability affects all versions of package pathval under 1.1.1.

References

Published by the National Vulnerability Database

Oct 26, 2020

Reviewed Apr 20, 2021

Published to the GitHub Advisory Database Feb 10, 2022

Last updated Feb 1, 2023

Severity

High

7.2

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

Low

Privileges required

High

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H