Prototype Pollution in node-oojs

Description

All versions of package node-oojs up to and including version 1.4.0 are vulnerable to Prototype Pollution via the setPath function.

Recommendation

No fix is available yet. Followings are affected versions:

• <= 1.4.0

References

• GHSA-j4rw-x3vg-c8r7
• snyk.io
• CVE-2020-7721
• CWE-1321
• CAPEC-310
• OWASP 2021-A6

Related Issues

• Prototype Pollution in node-forge - CVE-2020-7720
• shvl vulnerable to prototype pollution - CVE-2020-28278
• Prototype Pollution in highlight.js - CVE-2020-26237
• Prototype pollution in pathval - CVE-2020-7751

You might also like:

How to Secure your NodeJs Express Javascript Application - part 1

How to Secure your NodeJs Express Javascript Application - part 2

10 Secure Coding Best Practices to Follow in Every Project

Tags:

npm

node-oojs