CVE-2020-7770: Improper Input Validation

November 12, 2020 (updated July 21, 2021)

The apply function adds in the target object the property specified in the path, however it does not properly check the key being set, leading to a prototype pollution.

References

nvd.nist.gov/vuln/detail/CVE-2020-7770

Code Behaviors & Features

Detect and mitigate CVE-2020-7770 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →