CVE-2020-7600

medium

Description

querymen prior to 2.1.4 allows modification of object properties. The parameters of exported function handler(type, name, fn) can be controlled by users without any sanitization. This could be abused for Prototype Pollution attacks.

References

https://snyk.io/vuln/SNYK-JS-QUERYMEN-559867

https://github.com/diegohaz/querymen/commit/1987fefcb3b7508253a29502a008d5063a873cef

Details

Source: Mitre, NVD

Published: 2020-03-12

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 5.3

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.00144