Headline
CVE-2020-28268: Mend Vulnerability Database
Prototype pollution vulnerability in ‘controlled-merge’ versions 1.0.0 through 1.2.0 allows attacker to cause a denial of service and may lead to remote code execution.
****Upgrade Version****
Upgrade to version controlled-merge - 1.3.0
Learn More
Base Score:
7.5
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
None
Scope (S):
Unchanged
Confidentiality ©:
None
Integrity (I):
None
Availability (A):
High
Base Score:
5.0
Access Vector (AV):
Network
Access Complexity (AC):
Low
Authentication (AU):
None
Confidentiality ©:
None
Integrity (I):
None
Availability (A):
Partial
Additional information:
Related Resources (4)