Vulnerability Description
This affects all versions of the package mout. The deepFillIn function can be used to 'fill missing properties recursively', while deepMixIn 'mixes objects into the target object, recursively mixing existing child objects as well'. In both cases, the key used to access the target object recursively is not checked, leading to Prototype Pollution.
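The unchecked-key pattern described above, next to a hardened form, as an added example that is not mout's source code. The function names, the blocked-key list and the sample JSON are assumptions constructed for illustration.

```javascript
// Added illustration: simplified recursive merge, NOT mout's source code.
const isPlainObject = (v) =>
  v !== null && typeof v === 'object' && !Array.isArray(v);

// Vulnerable pattern: every key of `source` is used to descend into `target`.
// Reading target['__proto__'] returns Object.prototype, so the recursion
// ends up writing caller-supplied properties onto the shared prototype.
function unsafeDeepMixIn(target, source) {
  for (const key in source) {
    if (isPlainObject(source[key]) && isPlainObject(target[key])) {
      unsafeDeepMixIn(target[key], source[key]);
    } else {
      target[key] = source[key];
    }
  }
  return target;
}

// Hardened pattern: own keys only, and never follow keys that reach a prototype.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function safeDeepMixIn(target, source) {
  for (const key of Object.keys(source)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const value = source[key];
    const own = Object.prototype.hasOwnProperty.call(target, key);
    if (isPlainObject(value) && own && isPlainObject(target[key])) {
      safeDeepMixIn(target[key], value);
    } else {
      target[key] = value;
    }
  }
  return target;
}

// Constructed sample input: JSON.parse creates "__proto__" as an own property.
const SAMPLE = '{"theme":"dark","__proto__":{"pollutedFlag":true}}';

// Returns true if merging SAMPLE with `mixIn` changed Object.prototype.
function pollutesPrototype(mixIn) {
  mixIn({}, JSON.parse(SAMPLE));
  const polluted = ({}).pollutedFlag === true;
  delete Object.prototype.pollutedFlag; // restore global state
  return polluted;
}

console.log('unsafe merge pollutes:', pollutesPrototype(unsafeDeepMixIn)); // true
console.log('safe merge pollutes:', pollutesPrototype(safeDeepMixIn));     // false
```

The same own-key and blocked-key check can be applied to input before it reaches any recursive merge helper that cannot be replaced.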
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Moutjs | Mout | All versions |
Related Weaknesses (CWE)
References
- https://github.com/mout/mout/blob/master/src/object/deepFillIn.js (Exploit, Third Party Advisory)
- https://github.com/mout/mout/blob/master/src/object/deepMixIn.js (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-1050374 (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1050373 (Exploit, Third Party Advisory)
- https://snyk.io/vuln/SNYK-JS-MOUT-1014544 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-7792?
CVE-2020-7792 is a vulnerability with a CVSS score of 7.5 (HIGH). This affects all versions of package mout. The deepFillIn function can be used to 'fill missing properties recursively', while the deepMixIn 'mixes objects into the target object, recursively mixing e...
How severe is CVE-2020-7792?
CVE-2020-7792 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-7792?
Check the references section above for vendor advisories and patch information. Affected products include: Moutjs Mout.