Miggo Logo
Miggo Vulnerability Database
CVE-2020-7709

CVE-2020-7709: Prototype pollution in json-pointer

6

CVSS Score
3.1

Basic Information

CVE ID
CVE-2020-7709
GHSA ID
GHSA-7mg4-w3w5-x5pc
EPSS Score
0.76506%
CWE
CWE-1321
Published
5/10/2021
Updated
3/5/2025
KEV Status
No
Technology
TechnologyJavaScript

Technical Details

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H
Package NameEcosystemVulnerable VersionsFirst Patched Version
json-pointernpm< 0.6.10.6.1
org.webjars.npm:json-pointermaven< 0.6.10.6.1

Vulnerability Intelligence
Miggo AIMiggo AI

Miggo AIRoot Cause Analysis

The vulnerability stems from the set function's handling of JSON pointers. Before the patch, it lacked validation for prototype-pollution vectors in reference tokens. The GitHub PR #34 shows added checks for proto, constructor, and prototype in the token processing loop. The Snyk PoC demonstrates exploitation via pointer.set() with /proto/polluted, confirming this function was the entry point. The fix specifically modifies the set function's token handling logic, making it the clear vulnerable component.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

T*is *****ts t** p**k*** json-point*r ***or* *.*.*. Multipl* r***r*n** o* o*j**t usin* sl*s* is support**.

Reasoning

T** vuln*r**ility st*ms *rom t** s*t *un*tion's **n*lin* o* JSON point*rs. ***or* t** p*t**, it l**k** v*li**tion *or prototyp*-pollution v**tors in r***r*n** tok*ns. T** *it*u* PR #** s*ows ***** ****ks *or __proto__, *onstru*tor, *n* prototyp* in t