CVEFinder.io

CVE-2020-7598

🔶 medium
🔍 Scan for this CVE
Summary

minimist before 1.2.2 could be tricked into adding or modifying properties of Object.prototype using a "constructor" or "__proto__" payload.

CVSS Score
5.6
Medium
EPSS Score
0.3
Exploit Probability
Published Date
2020-03-11
First Seen: 2026-01-05
📊 Relative Risk Intelligence

This CVE is Lower Risk - more severe than 32.6% of all 317,883 vulnerabilities in our database.

#214,351
Below average severity
Severity Percentile
Last Modified 2024-11-21
Source NVD 🔗
CVSS Vector 3.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CWE IDs (Weakness Types)
CWE-1321

📦 Affected Products 2

Vendor Product Status Affected Versions
opensuse leap Affected
v15.1
substack minimist Affected
< 1.2.2

🔗 References 2

http://lists.opensuse.org/opensuse-security-announce...
Mailing List Third Party Advisory
https://snyk.io/vuln/SNYK-JS-MINIMIST-559764
Exploit Patch Third Party Advisory

🔗 Related CVEs 6

CVE ID Severity CVSS EPSS Summary Published
CVE-2025-32463 ⛔ critical 9.3 20.8 Sudo before 1.9.17p1 allows local users to obtain root access because /etc/nsswitch.conf from a user-controlled director... 2025-06-30
CVE-2023-32182 🔶 medium 5.9 0.0 A Improper Link Resolution Before File Access ('Link Following') vulnerability in SUSE SUSE Linux Enterprise Desktop 15 ... 2023-09-19
CVE-2022-45153 ⚠️ high 7.0 0.1 An Incorrect Default Permissions vulnerability in saphanabootstrap-formula of SUSE Linux Enterprise Module for SAP Appli... 2023-02-15
CVE-2022-31252 🔶 medium 4.4 0.1 A Incorrect Authorization vulnerability in chkstat of SUSE Linux Enterprise Server 12-SP5; openSUSE Leap 15.3, openSUSE ... 2022-10-06
CVE-2021-44906 ⛔ critical 9.8 0.9 Minimist <=1.2.5 is vulnerable to Prototype Pollution via file index.js, function setKey() (lines 69-95). 2022-03-17
CVE-2021-46141 🔶 medium 5.5 0.1 An issue was discovered in uriparser before 0.9.6. It performs invalid free operations in uriFreeUriMembers and uriMakeO... 2022-01-06
These CVEs affect the same products