CVE-2020-28442
Published
CVSS v3
7.5
HIGH
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
All versions of package js-data are vulnerable to Prototype Pollution via the deepFillIn function.
Give your data the treatment it deserves with a framework-agnostic, datastore-agnostic JavaScript ORM built for ease of use and peace of mind. Works in Node.js and in the Browser. Main Site: http://js-data.io, API Reference Docs: http://api.js-data.io/js-data
GitHub