Description
bodymen before 1.1.1 is vulnerable to Prototype Pollution. The handler function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_misc
https://github.com/diegohaz/bodymen/commit/5d52e8cf360410ee697afd90937e6042c3a8653b
Exploit, Third Party Advisory x_refsource_misc
https://snyk.io/vuln/SNYK-JS-BODYMEN-548897
Scores
CVSS v3
6.3
EPSS
0.0034
EPSS Percentile
56.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-74
Status
published
Products (2)
bodymen_project/bodymen
< 1.1.1
npm/bodymen
0 - 1.1.1npm
Published
Feb 18, 2020
Tracked Since
Feb 18, 2026