CVE-2020-7766

Injection Vulnerability in npm/json-ptr

Identifiers

CVE-2020-7766

Package Slug

npm/json-ptr

Vulnerability

Injection Vulnerability

Description

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.html#set) when the force flag is set to true. The function recursively sets the property in the target object; however, it does not properly check the key being set, leading to prototype pollution.
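
The class of flaw described above, as an added example that is not json-ptr's own code: a simplified force-style setter beside a hardened variant that rejects prototype-related keys and descends only into own properties. The names `parsePointer`, `forceSetUnsafe`, `forceSetSafe` and `pollutes`, and the sample pointers, are assumptions made for illustration.

```javascript
// Added illustration with hypothetical helpers; this is not json-ptr source code.

// Decode an RFC 6901 JSON Pointer such as "/a/b~1c" into reference tokens.
// The empty (root) pointer is rejected: this sketch only sets child values.
function parsePointer(pointer) {
  if (typeof pointer !== 'string' || pointer[0] !== '/') {
    throw new SyntaxError('pointer must start with "/"');
  }
  return pointer.slice(1).split('/')
    .map((t) => t.replace(/~1/g, '/').replace(/~0/g, '~'));
}

// Flawed pattern: tokens are used as keys without inspection, and inherited
// objects (reached through "__proto__") are walked into like own properties.
function forceSetUnsafe(target, pointer, value) {
  const tokens = parsePointer(pointer);
  let node = target;
  for (const key of tokens.slice(0, -1)) {
    if (node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[tokens[tokens.length - 1]] = value;
  return target;
}

const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);
// Hardened pattern: reject prototype-related keys up front and descend only
// into own properties, creating fresh containers for anything else.
function forceSetSafe(target, pointer, value) {
  const tokens = parsePointer(pointer);
  const bad = tokens.find((t) => FORBIDDEN_KEYS.has(t));
  if (bad !== undefined) throw new RangeError(`refusing key "${bad}" in pointer`);
  let node = target;
  for (const key of tokens.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || node[key] === null || typeof node[key] !== 'object') node[key] = {};
    node = node[key];
  }
  node[tokens[tokens.length - 1]] = value;
  return target;
}

// Constructed input: report whether a set call leaked onto Object.prototype.
function pollutes(setFn, pointer, probe) {
  try { setFn({}, pointer, true); } catch (e) { /* rejection is the safe outcome */ }
  const leaked = probe in {};
  delete Object.prototype[probe]; // restore global state after the check
  return leaked;
}
```

The `pollutes` helper can serve as a regression check after upgrading: run it against whatever setter wraps untrusted pointers and expect `false`.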

Affected Versions

All versions before 2.0.0

Solution

Upgrade to version 2.0.0 or above.

Last Modified

2020-11-26
