CRITICAL
Sharpred
CVE published 2020-11-12
CVE-2020-28271
A critical prototype pollution vulnerability in the deephas npm package (versions 1.0.0 through 1.0.5) enables unauthenticated remote attackers to achieve denial of service and potentially remote code execution. The vulnerability stems from improper handling of object property assignments that allow modification of Object.prototype, a common JavaScript prototype pollution pattern classified under CWE-1321 [truncated]