Vulnerability Description
sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.
CVSS Score
5.3
MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sds Project | Sds | <= 3.2.0 |
Related Weaknesses (CWE)
References
- https://github.com/monsterkodi/sds/blob/master/js/set.js#L31Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-SDS-564123ExploitThird Party Advisory
- https://github.com/monsterkodi/sds/blob/master/js/set.js#L31Third Party Advisory
- https://snyk.io/vuln/SNYK-JS-SDS-564123ExploitThird Party Advisory
FAQ
What is CVE-2020-7618?
CVE-2020-7618 is a vulnerability with a CVSS score of 5.3 (MEDIUM). sds through 3.2.0 is vulnerable to Prototype Pollution.The library could be tricked into adding or modifying properties of the 'Object.prototype' by abusing the 'set' function located in 'js/set.js'.
How severe is CVE-2020-7618?
CVE-2020-7618 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7618?
Check the references section above for vendor advisories and patch information. Affected products include: Sds Project Sds.