Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2020-8147
CVE-2020-8147:
JavaScript vulnerability analysis and mitigation
Overview
A vulnerability was identified in the npm package utils-extend version 1.0.8 and earlier that could enable prototype pollution attacks. The vulnerability was assigned CVE-2020-8147 and was disclosed on April 3, 2020. The flaw stems from improper input validation mechanisms in the package (NVD).
Technical details
The vulnerability is classified under CWE-20 (Improper Input Validation) based on assessment and analysis of the security flaw (NVD Report).
Impact
The vulnerability could allow attackers to perform prototype pollution attacks, which could potentially lead to property injection or modification of JavaScript object prototypes (NVD).
Additional resources
Source: This report was generated using AI
Related JavaScript vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management