CVE-2020-7598 - minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using

CVE-2020-7598

Summary

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

References

Vulnerable Configurations

cpe:2.3:a:substack:minimist:-:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:-:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.1:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.2:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.3:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.4:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.5:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.6:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.7:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.8:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.9:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.9:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.10:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.0.10:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:0.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.0.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.1:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.2:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.1.3:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.2.0:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.2.1:*:*:*:*:node.js:*:*
cpe:2.3:a:substack:minimist:1.2.1:*:*:*:*:node.js:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 22-04-2022 - 19:02)
Impact:
Exploitability:

CWE

CWE-1321

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

redhat via4

rpms

jaeger-0:v1.13.1.redhat7-1.el7
kiali-0:v1.0.11.redhat1-1.el7
servicemesh-grafana-0:6.2.2-36.el8
servicemesh-grafana-prometheus-0:6.2.2-36.el8
nodejs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
nodejs-debuginfo-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
nodejs-debugsource-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
nodejs-devel-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
nodejs-docs-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
nodejs-full-i18n-1:12.18.2-1.module+el8.1.0+7232+f8b5ede5
nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45
nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45
npm-1:6.14.5-1.12.18.2.1.module+el8.1.0+7232+f8b5ede5
nodejs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3
nodejs-debuginfo-1:10.21.0-3.module+el8.2.0+7071+d2377ea3
nodejs-debugsource-1:10.21.0-3.module+el8.2.0+7071+d2377ea3
nodejs-devel-1:10.21.0-3.module+el8.2.0+7071+d2377ea3
nodejs-docs-1:10.21.0-3.module+el8.2.0+7071+d2377ea3
nodejs-full-i18n-1:10.21.0-3.module+el8.2.0+7071+d2377ea3
nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
npm-1:6.14.4-1.10.21.0.3.module+el8.2.0+7071+d2377ea3
nodejs-1:10.21.0-3.module+el8.1.0+7070+fe09e702
nodejs-debuginfo-1:10.21.0-3.module+el8.1.0+7070+fe09e702
nodejs-debugsource-1:10.21.0-3.module+el8.1.0+7070+fe09e702
nodejs-devel-1:10.21.0-3.module+el8.1.0+7070+fe09e702
nodejs-docs-1:10.21.0-3.module+el8.1.0+7070+fe09e702
nodejs-full-i18n-1:10.21.0-3.module+el8.1.0+7070+fe09e702
nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
npm-1:6.14.4-1.10.21.0.3.module+el8.1.0+7070+fe09e702
nodejs-1:12.18.2-1.module+el8.2.0+7233+61d664c1
nodejs-debuginfo-1:12.18.2-1.module+el8.2.0+7233+61d664c1
nodejs-debugsource-1:12.18.2-1.module+el8.2.0+7233+61d664c1
nodejs-devel-1:12.18.2-1.module+el8.2.0+7233+61d664c1
nodejs-docs-1:12.18.2-1.module+el8.2.0+7233+61d664c1
nodejs-full-i18n-1:12.18.2-1.module+el8.2.0+7233+61d664c1
nodejs-nodemon-0:1.18.3-1.module+el8.1.0+3369+37ae6a45
nodejs-packaging-0:17-3.module+el8.1.0+3369+37ae6a45
npm-1:6.14.5-1.12.18.2.1.module+el8.2.0+7233+61d664c1
rh-nodejs12-nodejs-0:12.18.2-1.el7
rh-nodejs12-nodejs-debuginfo-0:12.18.2-1.el7
rh-nodejs12-nodejs-devel-0:12.18.2-1.el7
rh-nodejs12-nodejs-docs-0:12.18.2-1.el7
rh-nodejs12-npm-0:6.14.5-12.18.2.1.el7
atomic-openshift-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-clients-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-clients-redistributable-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-docker-excluder-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-excluder-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-hyperkube-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-hypershift-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-master-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-node-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-pod-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-sdn-ovs-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-template-service-broker-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-tests-0:3.11.248-1.git.0.92ee8ac.el7
atomic-openshift-web-console-0:3.11.248-1.git.1.cc96c2d.el7
cri-o-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7
cri-o-debuginfo-0:1.11.16-0.10.dev.rhaos3.11.git1eee681.el7
nodejs-1:10.21.0-3.module+el8.0.0+7067+054302d1
nodejs-debuginfo-1:10.21.0-3.module+el8.0.0+7067+054302d1
nodejs-debugsource-1:10.21.0-3.module+el8.0.0+7067+054302d1
nodejs-devel-1:10.21.0-3.module+el8.0.0+7067+054302d1
nodejs-docs-1:10.21.0-3.module+el8.0.0+7067+054302d1
nodejs-full-i18n-1:10.21.0-3.module+el8.0.0+7067+054302d1
nodejs-nodemon-0:1.18.3-1.module+el8+2632+6c5111ed
nodejs-packaging-0:17-3.module+el8+2873+aa7dfd9a
npm-1:6.14.4-1.10.21.0.3.module+el8.0.0+7067+054302d1
rh-nodejs10-nodejs-0:10.21.0-3.el7
rh-nodejs10-nodejs-debuginfo-0:10.21.0-3.el7
rh-nodejs10-nodejs-devel-0:10.21.0-3.el7
rh-nodejs10-nodejs-docs-0:10.21.0-3.el7
rh-nodejs10-npm-0:6.14.4-10.21.0.3.el7
ansible-runner-0:1.4.5-1.el8ar
ansible-runner-service-0:1.0.2-1.el8ev
apache-commons-collections4-0:4.4-1.el8ev
apache-commons-collections4-javadoc-0:4.4-1.el8ev
apache-commons-compress-0:1.18-1.el8ev
apache-commons-compress-javadoc-0:1.18-1.el8ev
apache-commons-configuration-0:1.10-1.el8ev
apache-commons-jexl-0:2.1.1-1.el8ev
apache-commons-jexl-javadoc-0:2.1.1-1.el8ev
apache-commons-jxpath-0:1.3-29.el8ev
apache-commons-jxpath-javadoc-0:1.3-29.el8ev
apache-commons-vfs-0:2.4.1-1.el8ev
apache-commons-vfs-ant-0:2.4.1-1.el8ev
apache-commons-vfs-examples-0:2.4.1-1.el8ev
apache-commons-vfs-javadoc-0:2.4.1-1.el8ev
apache-sshd-0:2.5.1-1.el8ev
apache-sshd-javadoc-0:2.5.1-1.el8ev
ebay-cors-filter-0:1.0.1-4.el8ev
ed25519-java-0:0.3.0-1.el8ev
ed25519-java-javadoc-0:0.3.0-1.el8ev
engine-db-query-0:1.6.1-1.el8ev
java-client-kubevirt-0:0.5.0-1.el8ev
log4j12-0:1.2.17-22.el8ev
log4j12-javadoc-0:1.2.17-22.el8ev
m2crypto-debugsource-0:0.35.2-5.el8ev
makeself-0:2.4.0-4.el8ev
novnc-0:1.1.0-1.el8ost
openstack-java-ceilometer-client-0:3.2.9-1.el8ev
openstack-java-ceilometer-model-0:3.2.9-1.el8ev
openstack-java-cinder-client-0:3.2.9-1.el8ev
openstack-java-cinder-model-0:3.2.9-1.el8ev
openstack-java-client-0:3.2.9-1.el8ev
openstack-java-glance-client-0:3.2.9-1.el8ev
openstack-java-glance-model-0:3.2.9-1.el8ev
openstack-java-heat-client-0:3.2.9-1.el8ev
openstack-java-heat-model-0:3.2.9-1.el8ev
openstack-java-javadoc-0:3.2.9-1.el8ev
openstack-java-keystone-client-0:3.2.9-1.el8ev
openstack-java-keystone-model-0:3.2.9-1.el8ev
openstack-java-nova-client-0:3.2.9-1.el8ev
openstack-java-nova-model-0:3.2.9-1.el8ev
openstack-java-quantum-client-0:3.2.9-1.el8ev
openstack-java-quantum-model-0:3.2.9-1.el8ev
openstack-java-resteasy-connector-0:3.2.9-1.el8ev
openstack-java-swift-client-0:3.2.9-1.el8ev
openstack-java-swift-model-0:3.2.9-1.el8ev
ovirt-cockpit-sso-0:0.1.4-1.el8ev
ovirt-engine-0:4.4.1.8-0.7.el8ev
ovirt-engine-api-explorer-0:0.0.6-1.el8ev
ovirt-engine-backend-0:4.4.1.8-0.7.el8ev
ovirt-engine-dbscripts-0:4.4.1.8-0.7.el8ev
ovirt-engine-dwh-0:4.4.1.2-1.el8ev
ovirt-engine-dwh-grafana-integration-setup-0:4.4.1.2-1.el8ev
ovirt-engine-dwh-setup-0:4.4.1.2-1.el8ev
ovirt-engine-extension-aaa-jdbc-0:1.2.0-1.el8ev
ovirt-engine-extension-aaa-ldap-0:1.4.0-1.el8ev
ovirt-engine-extension-aaa-ldap-setup-0:1.4.0-1.el8ev
ovirt-engine-extension-aaa-misc-0:1.1.0-1.el8ev
ovirt-engine-extension-logger-log4j-0:1.1.0-1.el8ev
ovirt-engine-extensions-api-0:1.0.1-1.el8ev
ovirt-engine-extensions-api-javadoc-0:1.0.1-1.el8ev
ovirt-engine-health-check-bundler-0:4.4.1.8-0.7.el8ev
ovirt-engine-metrics-0:1.4.1.1-1.el8ev
ovirt-engine-restapi-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-base-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-plugin-cinderlib-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-plugin-imageio-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-plugin-ovirt-engine-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-plugin-ovirt-engine-common-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-plugin-vmconsole-proxy-helper-0:4.4.1.8-0.7.el8ev
ovirt-engine-setup-plugin-websocket-proxy-0:4.4.1.8-0.7.el8ev
ovirt-engine-tools-0:4.4.1.8-0.7.el8ev
ovirt-engine-tools-backup-0:4.4.1.8-0.7.el8ev
ovirt-engine-ui-extensions-0:1.2.2-1.el8ev
ovirt-engine-vmconsole-proxy-helper-0:4.4.1.8-0.7.el8ev
ovirt-engine-webadmin-portal-0:4.4.1.8-0.7.el8ev
ovirt-engine-websocket-proxy-0:4.4.1.8-0.7.el8ev
ovirt-fast-forward-upgrade-0:1.1.6-0.el8ev
ovirt-log-collector-0:4.4.2-1.el8ev
ovirt-scheduler-proxy-0:0.1.9-1.el8ev
ovirt-web-ui-0:1.6.3-1.el8ev
python-flask-doc-1:1.0.2-2.el8ost
python2-netaddr-0:0.7.19-8.1.el8ost
python2-pbr-0:5.1.2-2.el8ost
python2-six-0:1.12.0-1.el8ost
python3-aniso8601-0:0.82-4.el8ost
python3-ansible-runner-0:1.4.5-1.el8ar
python3-flask-1:1.0.2-2.el8ost
python3-flask-restful-0:0.3.6-8.el8ost
python3-m2crypto-0:0.35.2-5.el8ev
python3-m2crypto-debuginfo-0:0.35.2-5.el8ev
python3-netaddr-0:0.7.19-8.1.el8ost
python3-notario-0:0.0.16-2.el8cp
python3-ovirt-engine-lib-0:4.4.1.8-0.7.el8ev
python3-ovsdbapp-0:0.17.1-0.20191216120142.206cf14.el8ost
python3-pbr-0:5.1.2-2.el8ost
python3-six-0:1.12.0-1.el8ost
python3-websocket-client-0:0.54.0-1.el8ost
python3-werkzeug-0:0.16.0-1.el8ost
python3-werkzeug-doc-0:0.16.0-1.el8ost
rhv-log-collector-analyzer-0:1.0.2-1.el8ev
rhvm-0:4.4.1.8-0.7.el8ev
rhvm-branding-rhv-0:4.4.4-1.el8ev
rhvm-dependencies-0:4.4.0-1.el8ev
rhvm-setup-plugins-0:4.4.2-1.el8ev
snmp4j-0:2.4.1-1.el8ev
snmp4j-javadoc-0:2.4.1-1.el8ev
unboundid-ldapsdk-0:4.0.14-1.el8ev
unboundid-ldapsdk-javadoc-0:4.0.14-1.el8ev
vdsm-jsonrpc-java-0:1.5.4-1.el8ev
ws-commons-util-0:1.0.2-1.el8ev
ws-commons-util-javadoc-0:1.0.2-1.el8ev
xmlrpc-client-0:3.1.3-1.el8ev
xmlrpc-common-0:3.1.3-1.el8ev
xmlrpc-javadoc-0:3.1.3-1.el8ev
xmlrpc-server-0:3.1.3-1.el8ev

refmap via4

misc	https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
suse	openSUSE-SU-2020:0802

Last major update

22-04-2022 - 19:02

Published

11-03-2020 - 23:15

Last modified

22-04-2022 - 19:02