cve/CVE-2020-7766.md at eda58812c5773678e9432b65209fee245db925e7

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 11:06:19 +00:00

0xMarcio ba290685fe Update CVE sources 2024-06-09 00:33

2024-06-09 00:33:16 +00:00

Description

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/src_pointer.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

POC

Reference

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1038396
https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939
https://snyk.io/vuln/SNYK-JS-JSONPTR-1016939

Github

https://github.com/Live-Hack-CVE/CVE-2020-7766
https://github.com/dellalibera/dellalibera

1.0 KiB Raw Blame History

CVE-2020-7766

Description

POC

Reference

Github

1.0 KiB

Raw Blame History