Main Vulnerability Database Vulnerabilities #VU107988

#VU107988 Prototype pollution in doc-path - CVE-2020-7772

Published: April 28, 2025

Vulnerability identifier: #VU107988

Vulnerability risk: Critical

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Red

CVE-ID: CVE-2020-7772

CWE-ID: CWE-1321

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
doc-path

Software vendor:
Marcelo Rodrigo

Description

The vulnerability allows a remote attacker to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote attacker can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

Remediation

Install updates from vendor's website.

External links

https://github.com/mrodrig/doc-path/blob/stable/src/path.js%23L54
https://github.com/mrodrig/doc-path/commit/3e2bb168cf303bffcd7fae5f8d05e5300c1541c7
https://snyk.io/vuln/SNYK-JS-DOCPATH-1011952

#VU107988 Prototype pollution in doc-path - CVE-2020-7772

Description

Remediation

External links

Please verify you're human