CVE-2020-7600 Vulnerability in npm package querymen

Description

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.

Remediation

References

https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867

https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef

Related Vulnerabilities

CVE-2023-27296 Vulnerability in maven package org.apache.inlong:manager-pojo

CVE-2022-48285 Vulnerability in maven package org.webjars.bowergithub.stuk:jszip

CVE-2022-23496 Vulnerability in maven package nl.basjes.parse.useragent:yauaa-elasticsearch

CVE-2019-10768 Vulnerability in maven package org.webjars.bowergithub.angular:angular

CVE-2020-14446 Vulnerability in maven package org.wso2.carbon.identity.framework:org.wso2.carbon.identity.entitlement.ui

Severity

Medium

Classification

CWE-1321 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N