CVE-2020-8141

The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
References
Link Resource
https://hackerone.com/reports/390929 Exploit Mitigation
Configurations

Configuration 1

cpe:2.3:a:dot_project:dot:1.1.2:*:*:*:*:node.js:*:*

Information

Published : 2020-03-15 06:15

Updated : 2020-03-17 08:07


NVD link : CVE-2020-8141

Mitre link : CVE-2020-8141

Products Affected
No products.
CWE