Candidate: CVE-2020-28282
PublicDate: 2020-12-29 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28282
 https://github.com/cowboy/node-getobject/commit/84071748fa407caa8f824e0d0b9c1cde9ec56633 (v1.0.0)
 https://www.whitesourcesoftware.com/vulnerability-database/CVE-2020-28282
 https://github.com/cowboy/node-getobject/blob/aba04a8e1d6180eb39eff09990c3a43886ba8937/lib/getobject.js#L48
Description:
 Prototype pollution vulnerability in 'getobject' version 0.1.0 allows an
 attacker to cause a denial of service and may lead to remote code
 execution.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_node-getobject:
upstream_node-getobject: released (1.0.2-1)
trusty_node-getobject: ignored (out of standard support)
xenial_node-getobject: ignored (out of standard support)
bionic_node-getobject: needed
focal_node-getobject: needed
impish_node-getobject: needed
jammy_node-getobject: not-affected (1.0.2-2)
devel_node-getobject: not-affected (1.0.2-2)