CVE-2020-8116 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2020-8116 Interim 1 4 2025-02-17T01:36:31Z current 2023-10-31T00:38:50Z 2025-02-17T01:36:31Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2020-8116 Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Liberty Linux 8 nodejs-12.18.4-2.module+el8.2.0+8361+192e434e nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45 nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45 npm-6.14.10-1.10.23.1.1.module+el8.3.0+9502+012d8a97 nodejs-12.18.4-2.module+el8.2.0+8361+192e434e as a component of SUSE Liberty Linux 8 nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e as a component of SUSE Liberty Linux 8 nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e as a component of SUSE Liberty Linux 8 nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e as a component of SUSE Liberty Linux 8 nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45 as a component of SUSE Liberty Linux 8 nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45 as a component of SUSE Liberty Linux 8 npm-6.14.10-1.10.23.1.1.module+el8.3.0+9502+012d8a97 as a component of SUSE Liberty Linux 8 Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects. CVE-2020-8116 SUSE Liberty Linux 8:nodejs-12.18.4-2.module+el8.2.0+8361+192e434e SUSE Liberty Linux 8:nodejs-devel-12.18.4-2.module+el8.2.0+8361+192e434e SUSE Liberty Linux 8:nodejs-docs-12.18.4-2.module+el8.2.0+8361+192e434e SUSE Liberty Linux 8:nodejs-full-i18n-12.18.4-2.module+el8.2.0+8361+192e434e SUSE Liberty Linux 8:nodejs-nodemon-1.18.3-1.module+el8.1.0+3369+37ae6a45 SUSE Liberty Linux 8:nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45 SUSE Liberty Linux 8:npm-6.14.10-1.10.23.1.1.module+el8.3.0+9502+012d8a97 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L