CVE-2020-8116 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-8116 PUBLISHED

Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.

EPSS 0.76% · 73.3th percentile

Risk Scores

EPSS Score

0.76%

73.3th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	node-dot-prop	0, 4.1.1-1

Timeline

CVE Published
Oct 23, 2018 PoC Published
Jan 28, 2020 PoC Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 23, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Jun 29, 2022 EPSS Score
Aug 31, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-8116 third-party-advisory
https://hackerone.com/reports/719856 third-party-advisory
https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-8116 third-party-advisory

Open in Interactive Console →