CVE-2020-8268
npm/json8-merge-patch
Improper Input Validation
Prototype pollution vulnerability in json8-merge-patch npm package may allow attackers to inject or modify methods and properties of the global object constructor.
All versions before 1.0.3
Upgrade to version 1.0.3 or above.
2020-11-20
source |