CVE-2020-7641
MEDIUMgrunt-util-property - Prototype Pollution via __proto__ Payload
Title source: llmDescription
This affects all versions of package grunt-util-property. The function call could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.
References (2)
Core 2
Core References
Exploit, Third Party Advisory x_refsource_misc
https://security.snyk.io/vuln/SNYK-JS-GRUNTUTILPROPERTY-565088
Broken Link, Third Party Advisory x_refsource_misc
https://github.com/mikaelkaron/grunt-util-property/blob/master/main.js%23L41
Scores
CVSS v3
4.0
EPSS
0.0037
EPSS Percentile
28.1%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:L
Details
CWE
CWE-1321
Status
published
Products (3)
grunt-util-property_project/grunt-util-property
0.0.1
grunt-util-property_project/grunt-util-property
0.0.2
npm/grunt-util-property
0npm
Published
Jul 17, 2022
Tracked Since
Feb 18, 2026