CVE-2019-10792

Published February 18th, 2020

View on NVD ↗

CVSS v3

6.3

MEDIUM

CVSS v2

6.5

MEDIUM

Affected

PROJECT

Description

bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

diegohaz/bodymen

Body parser middleware for MongoDB, Express and Nodejs (MEN)

GitHub