Candidate: CVE-2020-8141
PublicDate: 2020-03-15 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8141
 https://hackerone.com/reports/390929
Description:
 The dot package v1.1.2 uses Function() to compile templates. This can be
 exploited by the attacker if they can control the given template or if they
 can control the value set on Object.prototype.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_node-dot:
upstream_node-dot: needs-triage
precise/esm_node-dot: DNE
trusty_node-dot: ignored (out of standard support)
trusty/esm_node-dot: DNE
xenial_node-dot: DNE
bionic_node-dot: not-affected (code not present)
eoan_node-dot: not-affected (code not present)
devel_node-dot: not-affected (code not present)