CVE-2020-8158

Critical

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further…

hackerone·CWE-471·Published 2020-09-18

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

183 chars

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

NVDen

183 chars

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

GHSAen

183 chars

Prototype pollution vulnerability in the TypeORM package < 0.2.25 may allow attackers to add or modify Object properties leading to further denial of service or SQL injection attacks.

NVDes

247 chars

La vulnerabilidad de contaminación del prototipo en el paquete TypeORM versiones anteriores a 0.2.25, puede permitir a atacantes agregar o modificar las propiedades del Objeto, conllevando a nuevos ataques de denegación de servicio o inyección SQL

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3.1	Secondary	GHSA	9.8	—	—	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H