{"vulnerability": "CVE-2020-28495", "sightings": [{"uuid": "2c92b170-9e94-40aa-95aa-5583477a54b8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2020-28495", "type": "seen", "source": "https://t.me/cibsecurity/22939", "content": "\u203c CVE-2020-28495 \u203c\n\nThis affects the package total.js before 3.4.7. The set function can be used to set a value into the object according to the path. However the keys of the path being set are not properly sanitized, leading to a prototype pollution vulnerability. The impact depends on the application. In some cases it is possible to achieve Denial of service (DoS), Remote Code Execution or Property Injection.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-02-02T15:25:06.000000Z"}]}