Vulnerability

CVE-2020-8203

 Report advisory or correction

CVSS Score 7.4 high

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H

CWE

CWE-1321

References

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8203

[CVE-2020-8203] CWE-1321 CWE-770

Description

Prototype pollution attack when using _.zipObjectDeep in lodash before 4.17.20.

See lodash package information