VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xhjk-8ujw-6bc8

Essentials
Severities (20)
References (14)
Severity details (16)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-xhjk-8ujw-6bc8
Aliases	CVE-2020-7720 GHSA-92xj-mqp7-vmcj
Summary	Prototype Pollution in node-forge
Status	Published
Exploitability	0.5
Weighted Severity	8.8
Risk	4.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-915	Improperly Controlled Modification of Dynamically-Determined Object Attributes
CWE-1321	Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
CWE-400	Uncontrolled Resource Consumption

System	Score	Found at
cvssv3	7.3	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json
epss	0.02085	https://api.first.org/data/v1/epss?cve=CVE-2020-7720
epss	0.02085	https://api.first.org/data/v1/epss?cve=CVE-2020-7720
epss	0.02085	https://api.first.org/data/v1/epss?cve=CVE-2020-7720
epss	0.02085	https://api.first.org/data/v1/epss?cve=CVE-2020-7720
cvssv3.1_qr	HIGH	https://github.com/advisories/GHSA-92xj-mqp7-vmcj
cvssv3.1	9.8	https://github.com/digitalbazaar/forge
generic_textual	HIGH	https://github.com/digitalbazaar/forge
cvssv3.1	9.8	https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
generic_textual	HIGH	https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
cvssv3.1	9.8	https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
generic_textual	HIGH	https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
cvssv3.1	9.8	https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
generic_textual	HIGH	https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
cvssv3.1	9.8	https://nvd.nist.gov/vuln/detail/CVE-2020-7720
generic_textual	HIGH	https://nvd.nist.gov/vuln/detail/CVE-2020-7720
cvssv3.1	9.8	https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
generic_textual	HIGH	https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
cvssv3.1	9.8	https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
generic_textual	HIGH	https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json
		https://api.first.org/data/v1/epss?cve=CVE-2020-7720
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7720
		https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md
		https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed
		https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756
		https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293
		https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677
1874606		https://bugzilla.redhat.com/show_bug.cgi?id=1874606
969669		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=969669
CVE-2020-7720		https://nvd.nist.gov/vuln/detail/CVE-2020-7720
GHSA-92xj-mqp7-vmcj		https://github.com/advisories/GHSA-92xj-mqp7-vmcj
RHSA-2020:5249		https://access.redhat.com/errata/RHSA-2020:5249
RHSA-2020:5605		https://access.redhat.com/errata/RHSA-2020:5605

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-7720.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://github.com/digitalbazaar/forge

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://github.com/digitalbazaar/forge/blob/master/CHANGELOG.md#removed

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://github.com/digitalbazaar/forge/commit/6a1e3ef74f6eb345bcff1b82184201d1e28b6756

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://nvd.nist.gov/vuln/detail/CVE-2020-7720

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-609293

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C Found at https://snyk.io/vuln/SNYK-JS-NODEFORGE-598677

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.84365
EPSS Score	0.02085
Published At	June 11, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-11T20:26:51.373568+00:00	GHSA Importer	Import	https://github.com/advisories/GHSA-92xj-mqp7-vmcj	38.6.0