Security Advisory

CVE-2020-7766

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-11-10 15:35:15

Last updated 2024-09-16 22:14:07

Assigner snyk

State PUBLISHED

Description

This affects all versions of package json-ptr. The issue occurs in the set operation (https://flitbit.github.io/json-ptr/classes/_src_pointer_.jsonpointer.htmlset) when the force flag is set to true. The function recursively set the property in the target object, however it does not properly check the key being set, leading to a prototype pollution.

← Browse all CVEs View on cve.org ↗