Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOWgtcW0zMi04Z3dx

Improperly Controlled Modification of Dynamically-Determined Object Attributes in express-mock-middleware

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the Object.prototype. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by express-mock-middleware. As such, this is considered to be a low risk.

Permalink: https://github.com/advisories/GHSA-v39h-qm32-8gwq
JSON: https://advisories.ecosyste.ms/api/v1/advisories/MDE2OlNlY3VyaXR5QWR2aXNvcnlHSFNBLXYzOWgtcW0zMi04Z3dx
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 3 years ago
Updated: over 1 year ago


CVSS Score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Identifiers: GHSA-v39h-qm32-8gwq, CVE-2020-7616
References: Repository: https://github.com/LingyuCoder/express-mock-middleware
Blast Radius: 5.3

Affected Packages

npm:express-mock-middleware
Dependent packages: 1
Dependent repositories: 10
Downloads: 176 last month
Affected Version Ranges: <= 0.0.6
No known fixed version
All affected versions: 0.0.1, 0.0.2, 0.0.3, 0.0.5, 0.0.6