icon

We found results for “

WS-2020-0079

Date: May 20, 2020

unflatten through 1.0.4 is vulnerable to prototype pollution. The function unflatten does not restrict the modification of an Object's prototype, which may allow an attacker to add or modify an existing property that will exist on all objects.

Language: JS

Severity Score

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

CVSS v3.1

Base Score:
Attack Vector (AV): LOCAL
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): REQUIRED
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): NONE
Availability (A): HIGH

Do you need more information?

Contact Us