CVE-2020-7641

low-risk
Published 2022-07-17

This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Do I need to act?

-
0.05% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.0/10 Medium
LOCAL / HIGH complexity

Affected Products (2)

Grunt-Util-Property
Grunt-Util-Property

Affected Vendors

Grunt-Util-Property Project

References (4)

Broken Link https://github.com/mikaelkaron/grunt-util-property/blob/master/main.js%23L41
Exploit https://security.snyk.io/vuln/SNYK-JS-GRUNTUTILPROPERTY-565088
Broken Link https://github.com/mikaelkaron/grunt-util-property/blob/master/main.js%23L41
Exploit https://security.snyk.io/vuln/SNYK-JS-GRUNTUTILPROPERTY-565088
17
/ 100
low-risk
Severity 10/34 · Low
Exploitability 0/34 · Minimal
Exposure 7/34 · Low