CVE-2020-7598: Prototype Pollution in Minimist

Severity: 5.6 MEDIUM (NVD)
EPSS: 0.2% (top 56.03%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 11
Latest update: Mar 10

Description

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Exploitability: 2.2 | Impact: 3.4

Affected Packages (5 packages)

NVD: substack/minimist < 1.2.2
npm: substack/minimist 1.0.0 1.2.3 +2
debian: debian/node-minimist < node-minimist 1.2.5-1 (bookworm)
CVEListV5: substack/minimist All versions prior to version 1.2.2
NVD: opensuse/leap 15.1

Patches

🔴 Vulnerability Details (5)

GHSA: Prototype Pollution in minimist (2020-04-03)
OSV: Prototype Pollution in minimist (2020-04-03)
GHSA: Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) (2020-03-13)
OSV: Withdrawn: ESLint dependencies are vulnerable (ReDoS and Prototype Pollution) (2020-03-13)
OSV: CVE-2020-7598: minimist before 1 (2020-03-11)

📋 Vendor Advisories (3)

Red Hat: minimist: prototype pollution (2022-03-10)
Red Hat: nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (2020-03-10)
Debian: CVE-2020-7598: node-minimist - minimist before 1.2.2 could be tricked into adding or modifying properties of Ob... (2020)

💬 Community (4)

Bugzilla: CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload [fedora-all] (2020-03-13)
Bugzilla: CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload [epel-7] (2020-03-13)
Bugzilla: CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload [epel-6] (2020-03-13)
Bugzilla: CVE-2020-7598 nodejs-minimist: prototype pollution allows adding or modifying properties of Object.prototype using a constructor or __proto__ payload (2020-03-13)