CVE-2020-28280

Prototype pollution vulnerability in 'predefine' versions 0.0.0 through 0.1.2 allows an attacker to cause a denial of service and may lead to remote code execution.
Configurations

Configuration 1 (hide)

cpe:2.3:a:predefine_project:predefine:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 05:22

Type Values Removed Values Added
References () https://github.com/bigpipe/predefine/blob/238137e3d1b8288ff5d7529c3cbcdd371888c26b/index.js#L284 - Exploit, Third Party Advisory () https://github.com/bigpipe/predefine/blob/238137e3d1b8288ff5d7529c3cbcdd371888c26b/index.js#L284 - Exploit, Third Party Advisory
References () https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28280 - Broken Link, Third Party Advisory () https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28280 - Broken Link, Third Party Advisory

Information

Published : 2020-12-29 18:15

Updated : 2024-11-21 05:22


NVD link : CVE-2020-28280

Mitre link : CVE-2020-28280

CVE.ORG link : CVE-2020-28280


JSON object : View

Products Affected

predefine_project

  • predefine