CVE-2020-7766
npm/json-ptr
Injection Vulnerability
This affects all versions of package json-ptr. The issue occurs in the set operation https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.html#set
when the force flag is set to true. The function recursively sets the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.
All versions before 2.0.0
Upgrade to version 2.0.0 or above.
2020-11-26
source |