Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-4b6t-hfzu-7uf5
Summary
dot-prop Prototype Pollution vulnerability
Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
Aliases
0
alias CVE-2020-8116
1
alias GHSA-ff7x-qrg7-qggm
Fixed_packages
0
url pkg:deb/debian/node-dot-prop@5.2.0-1?distro=trixie
purl pkg:deb/debian/node-dot-prop@5.2.0-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dot-prop@5.2.0-1%3Fdistro=trixie
1
url pkg:deb/debian/node-dot-prop@6.0.1-1?distro=trixie
purl pkg:deb/debian/node-dot-prop@6.0.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dot-prop@6.0.1-1%3Fdistro=trixie
2
url pkg:deb/debian/node-dot-prop@6.0.1-1
purl pkg:deb/debian/node-dot-prop@6.0.1-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dot-prop@6.0.1-1
3
url pkg:deb/debian/node-dot-prop@7.2.0-3?distro=trixie
purl pkg:deb/debian/node-dot-prop@7.2.0-3?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dot-prop@7.2.0-3%3Fdistro=trixie
4
url pkg:npm/dot-prop@4.2.1
purl pkg:npm/dot-prop@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@4.2.1
5
url pkg:npm/dot-prop@5.0.0
purl pkg:npm/dot-prop@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@5.0.0
6
url pkg:npm/dot-prop@5.1.1
purl pkg:npm/dot-prop@5.1.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@5.1.1
Affected_packages
0
url pkg:deb/debian/node-dot-prop@4.1.1-1%2Bdeb10u2
purl pkg:deb/debian/node-dot-prop@4.1.1-1%2Bdeb10u2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/node-dot-prop@4.1.1-1%252Bdeb10u2
1
url pkg:npm/dot-prop@1.0.0
purl pkg:npm/dot-prop@1.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@1.0.0
2
url pkg:npm/dot-prop@1.0.1
purl pkg:npm/dot-prop@1.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@1.0.1
3
url pkg:npm/dot-prop@2.0.0
purl pkg:npm/dot-prop@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@2.0.0
4
url pkg:npm/dot-prop@2.1.0
purl pkg:npm/dot-prop@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@2.1.0
5
url pkg:npm/dot-prop@2.2.0
purl pkg:npm/dot-prop@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@2.2.0
6
url pkg:npm/dot-prop@2.3.0
purl pkg:npm/dot-prop@2.3.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@2.3.0
7
url pkg:npm/dot-prop@2.4.0
purl pkg:npm/dot-prop@2.4.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@2.4.0
8
url pkg:npm/dot-prop@3.0.0
purl pkg:npm/dot-prop@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@3.0.0
9
url pkg:npm/dot-prop@4.0.0
purl pkg:npm/dot-prop@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@4.0.0
10
url pkg:npm/dot-prop@4.1.0
purl pkg:npm/dot-prop@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@4.1.0
11
url pkg:npm/dot-prop@4.1.1
purl pkg:npm/dot-prop@4.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@4.1.1
12
url pkg:npm/dot-prop@4.2.0
purl pkg:npm/dot-prop@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@4.2.0
13
url pkg:npm/dot-prop@5.0.0
purl pkg:npm/dot-prop@5.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@5.0.0
14
url pkg:npm/dot-prop@5.0.1
purl pkg:npm/dot-prop@5.0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@5.0.1
15
url pkg:npm/dot-prop@5.1.0
purl pkg:npm/dot-prop@5.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
resource_url http://public2.vulnerablecode.io/packages/pkg:npm/dot-prop@5.1.0
16
url pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7
purl pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
1
vulnerability VCID-7tyw-ppyt-zqgr
2
vulnerability VCID-cqs6-2ryh-43gj
3
vulnerability VCID-e2wc-na6c-c3cr
4
vulnerability VCID-fu8u-pxaa-43be
5
vulnerability VCID-jqtk-shbr-nkaw
6
vulnerability VCID-kh5k-ynnf-2bbx
7
vulnerability VCID-v5h1-gpt1-97bj
8
vulnerability VCID-zj4d-e8r7-ufg3
9
vulnerability VCID-ztt4-vnk7-7ycq
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs10-nodejs@10.23.1-2%3Farch=el7
17
url pkg:rpm/redhat/rh-nodejs12-nodejs@12.18.4-3?arch=el7
purl pkg:rpm/redhat/rh-nodejs12-nodejs@12.18.4-3?arch=el7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b6t-hfzu-7uf5
1
vulnerability VCID-cqs6-2ryh-43gj
2
vulnerability VCID-e2wc-na6c-c3cr
3
vulnerability VCID-n91z-kugd-ebb5
resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/rh-nodejs12-nodejs@12.18.4-3%3Farch=el7
References
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8116.json
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-8116.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2020-8116
reference_id
reference_type
scores
0
value 0.00764
scoring_system epss
scoring_elements 0.73479
published_at 2026-04-18T12:55:00Z
1
value 0.00764
scoring_system epss
scoring_elements 0.73432
published_at 2026-04-09T12:55:00Z
2
value 0.00764
scoring_system epss
scoring_elements 0.73471
published_at 2026-04-16T12:55:00Z
3
value 0.00764
scoring_system epss
scoring_elements 0.73428
published_at 2026-04-13T12:55:00Z
4
value 0.00764
scoring_system epss
scoring_elements 0.73436
published_at 2026-04-12T12:55:00Z
5
value 0.00764
scoring_system epss
scoring_elements 0.73455
published_at 2026-04-11T12:55:00Z
6
value 0.00764
scoring_system epss
scoring_elements 0.73378
published_at 2026-04-01T12:55:00Z
7
value 0.00764
scoring_system epss
scoring_elements 0.73387
published_at 2026-04-02T12:55:00Z
8
value 0.00764
scoring_system epss
scoring_elements 0.7341
published_at 2026-04-04T12:55:00Z
9
value 0.00764
scoring_system epss
scoring_elements 0.73382
published_at 2026-04-07T12:55:00Z
10
value 0.00764
scoring_system epss
scoring_elements 0.73419
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2020-8116
2
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8116
3
reference_url https://github.com/advisories/GHSA-ff7x-qrg7-qggm
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/advisories/GHSA-ff7x-qrg7-qggm
4
reference_url https://github.com/sindresorhus/dot-prop
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sindresorhus/dot-prop
5
reference_url https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2
6
reference_url https://github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587
7
reference_url https://github.com/sindresorhus/dot-prop/issues/63
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sindresorhus/dot-prop/issues/63
8
reference_url https://github.com/sindresorhus/dot-prop/tree/v4
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/sindresorhus/dot-prop/tree/v4
9
reference_url https://hackerone.com/reports/719856
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://hackerone.com/reports/719856
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2020-8116
reference_id
reference_type
scores
0
value 7.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2020-8116
11
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1868196
reference_id 1868196
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1868196
12
reference_url https://access.redhat.com/errata/RHSA-2020:4272
reference_id RHSA-2020:4272
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4272
13
reference_url https://access.redhat.com/errata/RHSA-2020:4903
reference_id RHSA-2020:4903
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:4903
14
reference_url https://access.redhat.com/errata/RHSA-2020:5086
reference_id RHSA-2020:5086
reference_type
scores
url https://access.redhat.com/errata/RHSA-2020:5086
15
reference_url https://access.redhat.com/errata/RHSA-2021:0521
reference_id RHSA-2021:0521
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0521
16
reference_url https://access.redhat.com/errata/RHSA-2021:0548
reference_id RHSA-2021:0548
reference_type
scores
url https://access.redhat.com/errata/RHSA-2021:0548
Weaknesses
0
cwe_id 1321
name Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
description The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
1
cwe_id 425
name Direct Request ('Forced Browsing')
description The web application does not adequately enforce appropriate authorization on all restricted URLs, scripts, or files.
2
cwe_id 471
name Modification of Assumed-Immutable Data (MAID)
description The product does not properly protect an assumed-immutable element from being modified by an attacker.
3
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
4
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score 7.0 - 8.9
Exploitability 0.5
Weighted_severity 8.0
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4b6t-hfzu-7uf5