CVE-2020-7600

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.
Configurations

Configuration 1

cpe:2.3:a:querymen_project:querymen:*:*:*:*:*:*:*:*

Information

Published : 2020-03-12 11:15

Updated : 2022-12-02 07:58


NVD link : CVE-2020-7600

Mitre link : CVE-2020-7600

Products Affected
No products.
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')