VDB
CVE-2020-15084
CVE-2020-15084
PUBLISHED
Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95).
EPSS 0.22% · 44.8th percentile
Risk Scores
EPSS Score
0.22%
44.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
Timeline
- Jun 30, 2020 CVE Published
- Jul 8, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 6, 2021 PoC Published
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Apr 7, 2022 PoC Published
References
- https://www.ibm.com/support/pages/node/6614909 advisory
- https://www.ibm.com/support/pages/node/6614725 advisory
- https://snyk.io/vuln/SNYK-JS-MINIMIST-559764 url
- https://github.com/Marynk/JavaScript-vulnerability-detection/blob/main/minimist%20PoC.zip url
- https://github.com/substack/minimist/blob/master/index.js#L69 url
- https://stackoverflow.com/questions/8588563/adding-custom-properties-to-a-function/20278068#20278068 url
- https://github.com/substack/minimist/issues/164 url
- https://security.netapp.com/advisory/ntap-20240621-0006/ url