Main Vulnerability Database Vulnerabilities #VU118197

#VU118197 Prototype pollution in pathval - CVE-2020-7751

Published: November 7, 2025

Vulnerability identifier: #VU118197

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:L/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-7751

CWE-ID: CWE-1321

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
pathval

Software vendor:
chaijs

Description

The vulnerability allows a remote privileged user to execute arbitrary JavaScript code.

The vulnerability exists due to improper input validation. A remote privileged user can pass specially crafted input to the application and perform prototype pollution, which can result in information disclosure or data manipulation.

Remediation

Cybersecurity Help is currently unaware of any official solution to address this vulnerability..

External links

https://github.com/chaijs/pathval/pull/58/files
https://snyk.io/vuln/SNYK-JS-PATHVAL-596926

#VU118197 Prototype pollution in pathval - CVE-2020-7751

Description

Remediation

External links

Please verify you're human