CVE-2020-7770

Improper Input Validation in npm/json8

Identifiers

CVE-2020-7770

Package Slug

npm/json8

Vulnerability

Improper Input Validation

Description

The apply function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.

Affected Versions

All versions before 1.0.3

Solution

Upgrade to version 1.0.3 or above.

Last Modified

2020-11-26

source