Vulnerabilities

CVE-2020-7600

by Fred · 12/03/2020

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.

Date published : 2020-03-12

https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef

https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867

Similar

Tags: Cybersecurity Alert