CVE-2020-7616: Improper Input Validation

April 7, 2020 (updated July 21, 2021)

express-mock-middleware is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the Object.prototype. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by express-mock-middleware.

References

nvd.nist.gov/vuln/detail/CVE-2020-7616

Detect and mitigate CVE-2020-7616 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →