#VU49119 Prototype pollution


Published: 2020-09-18 | Updated: 2020-12-22

Vulnerability identifier: #VU49119

Vulnerability risk: Medium

CVSSv3.1:

CVE-ID: CVE-2020-8237

CWE-ID: CWE-94

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
json-bigint
Web applications / Modules and components for CMS

Vendor: Andrey Sidorov

Description

The disclosed vulnerability allows a remote attacker to perform a DoS attack.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can inject arbitrary code and perform a denial of service (DoS) attack.

Mitigation
Install update from vendor's website.

Vulnerable software versions

json-bigint: 0.0.2 - 0.4.0


CPE

External links
http://hackerone.com/reports/916430


Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?


Latest bulletins with this vulnerability