CVE-2020-8158

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.
References
Link Resource
https://hackerone.com/reports/869574 Exploit Patch Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:typeorm:typeorm:*:*:*:*:*:node.js:*:*

History

05 Aug 2022, 19:31

Type Values Removed Values Added
CWE CWE-89 CWE-1321

Information

Published : 2020-09-18 21:15

Updated : 2022-08-05 19:31


NVD link : CVE-2020-8158

Mitre link : CVE-2020-8158


JSON object : View

Products Affected

typeorm

  • typeorm
CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')