CVE-2020-8268

Improper Input Validation in npm/json8-merge-patch

Identifier

CVE-2020-8268

Package Slug

npm/json8-merge-patch

Vulnerability

Improper Input Validation

Description

Prototype pollution vulnerability in json8-merge-patch npm package may allow attackers to inject or modify methods and properties of the global object constructor.

Affected Versions

All versions before 1.0.3

Solution

Upgrade to version 1.0.3 or above.

Last Modified

2020-11-20

source