cve/CVE-2020-7766.md at 555e9c7de4cd05afceb29c861f75c943c3c8d5d4

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-12-30 04:49:42 +00:00

marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024

2024-05-25 21:48:12 +02:00

Description

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/src_pointer.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

POC

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396
https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939

Github

https://github.com/Live-Hack-CVE/CVE-2020-7766
https://github.com/dellalibera/dellalibera

963 B Raw Blame History

CVE-2020-7766

Description

POC

Reference

Github

963 B

Raw Blame History