[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2020-8116":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":120,"aliases":130,"duplicate_of":9,"upstream":132,"downstream":133,"duplicates":148,"related":149,"reserved_at":9,"published_at":150,"modified_at":151,"state":152,"summary":153,"references_raw":161,"kevs":204,"epss":205,"epss_history":208,"metrics":470,"affected":482},"CVE-2020-8116","Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.",null,[11,93],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-1321","Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')","The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.","weakness","Incomplete","Variant",[19,67,89],{"id":20,"name":21,"techniques":22},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[23],{"id":24,"name":25,"tactics":26,"countermeasures":42},"T1574.010","Services File Permissions Weakness",[27,30,33,36,39],{"id":28,"name":29},"TA0110","Persistence",{"id":31,"name":32},"TA0111","Privilege Escalation",{"id":34,"name":35},"TA0030","Defense Evasion",{"id":37,"name":38},"TA0005","Stealth",{"id":40,"name":41},"TA0104","Execution",[43,48,52,57,62],{"id":44,"name":45,"tactic":46},"D3-SWI","Software Inventory",{"name":47},"Model",{"id":49,"name":50,"tactic":51},"D3-AVE","Asset Vulnerability Enumeration",{"name":47},{"id":53,"name":54,"tactic":55},"D3-SBV","Service Binary Verification",{"name":56},"Detect",{"id":58,"name":59,"tactic":60},"D3-SU","Software Update",{"name":61},"Harden",{"id":63,"name":64,"tactic":65},"D3-RS","Restore Software",{"name":66},"Restore",{"id":68,"name":69,"techniques":70},"CAPEC-180","Exploiting Incorrectly Configured Access Control Security Levels",[71],{"id":24,"name":25,"tactics":72,"countermeasures":78},[73,74,75,76,77],{"id":28,"name":29},{"id":31,"name":32},{"id":34,"name":35},{"id":37,"name":38},{"id":40,"name":41},[79,81,83,85,87],{"id":44,"name":45,"tactic":80},{"name":47},{"id":49,"name":50,"tactic":82},{"name":47},{"id":53,"name":54,"tactic":84},{"name":56},{"id":58,"name":59,"tactic":86},{"name":61},{"id":63,"name":64,"tactic":88},{"name":66},{"id":90,"name":91,"techniques":92},"CAPEC-77","Manipulating User-Controlled Variables",[],{"_key":94,"id":94,"name":95,"description":96,"type":15,"status":97,"abstraction":98,"likelihood_of_exploit":9,"capec":99},"CWE-471","Modification of Assumed-Immutable Data (MAID)","The product does not properly protect an assumed-immutable element from being modified by an attacker.","Draft","Base",[100,104,108,112,116],{"id":101,"name":102,"techniques":103},"CAPEC-384","Application API Message Manipulation via Man-in-the-Middle",[],{"id":105,"name":106,"techniques":107},"CAPEC-385","Transaction or Event Tampering via Application API Manipulation",[],{"id":109,"name":110,"techniques":111},"CAPEC-386","Application API Navigation Remapping",[],{"id":113,"name":114,"techniques":115},"CAPEC-387","Navigation Remapping To Propagate Malicious Content",[],{"id":117,"name":118,"techniques":119},"CAPEC-388","Application API Button Hijacking",[],[121],{"_key":122,"name":123,"source":124,"url":125,"maturity":126,"reliability_score":127,"verified":128,"type":9,"platforms":129,"requires_auth":9,"exploitdb":9,"metasploit":9},"REF_10BA6A80E804B148","Exploit Reference (hackerone.com)","reference","https://hackerone.com/reports/719856","unknown",0.2,false,[],[131],"GHSA-ff7x-qrg7-qggm",[],[134,136,138,140,142,144,146],{"_key":135},"UBUNTU-CVE-2020-8116",{"_key":137},"DEBIAN-CVE-2020-8116",{"_key":139},"RHSA-2020:4272",{"_key":141},"RHSA-2020:4903",{"_key":143},"RHSA-2020:5086",{"_key":145},"RHSA-2021:0521",{"_key":147},"RHSA-2021:0548",[],[],"2020-02-04T19:08:57.000Z","2024-08-04T09:48:25.632Z","Modified",{"cisa_kev":128,"cisa_ransomware":128,"cisa_vendor":9,"epss_severity":154,"epss_score":155,"severity":156,"severity_score":157,"severity_version":158,"severity_source":159,"severity_vector":160,"severity_status":152},"low",0.00764,"high",7.5,"v2.0","nvd","AV:N/AC:L/Au:N/C:P/I:P/A:P",[162,171,176,181,187,191,195,199],{"url":125,"sources":163,"tags":166},[164,159,165],"cve.org","osv_npm",[167,168,169,170],"X Refsource MISC","Exploit","Third Party Advisory","WEB",{"url":172,"sources":173,"tags":174},"https://github.com/sindresorhus/dot-prop/tree/v4",[164,159,165],[167,175,170],"Broken Link",{"url":177,"sources":178,"tags":179},"https://github.com/advisories/GHSA-ff7x-qrg7-qggm",[164,159,165],[167,169,180],"Advisory",{"url":182,"sources":183,"tags":184},"https://github.com/sindresorhus/dot-prop/issues/63",[164,159,165],[167,185,186,169,170],"Issue Tracking","Patch",{"url":188,"sources":189,"tags":190},"https://nvd.nist.gov/vuln/detail/CVE-2020-8116",[165],[180],{"url":192,"sources":193,"tags":194},"https://github.com/sindresorhus/dot-prop/commit/3039c8c07f6fdaa8b595ec869ae0895686a7a0f2",[165],[170],{"url":196,"sources":197,"tags":198},"https://github.com/sindresorhus/dot-prop/commit/c914124f418f55edea27928e89c94d931babe587",[165],[170],{"url":200,"sources":201,"tags":202},"https://github.com/sindresorhus/dot-prop",[165],[203],"PACKAGE",[],{"date":206,"score":155,"percentile":207},"2026-06-04",0.73793,[209,213,216,219,222,225,228,231,234,237,240,242,244,247,250,254,257,260,263,265,268,271,273,276,278,281,284,287,291,294,297,300,303,306,309,312,315,318,321,324,327,330,333,336,339,342,345,348,351,354,357,360,363,365,368,370,373,376,379,382,385,388,391,393,395,398,401,403,406,408,411,414,417,419,422,424,427,430,433,435,438,441,445,448,451,454,457,460,463,466],{"date":210,"score":211,"percentile":212},"2025-11-04",0.0033,0.55438,{"date":214,"score":211,"percentile":215},"2025-11-05",0.55404,{"date":217,"score":211,"percentile":218},"2025-11-06",0.55414,{"date":220,"score":211,"percentile":221},"2025-11-07",0.55432,{"date":223,"score":211,"percentile":224},"2025-11-08",0.55437,{"date":226,"score":211,"percentile":227},"2025-11-09",0.5543,{"date":229,"score":211,"percentile":230},"2025-11-10",0.55407,{"date":232,"score":211,"percentile":233},"2025-11-11",0.5542,{"date":235,"score":211,"percentile":236},"2025-11-12",0.55446,{"date":238,"score":211,"percentile":239},"2025-11-13",0.55454,{"date":241,"score":211,"percentile":239},"2025-11-14",{"date":243,"score":211,"percentile":236},"2025-11-15",{"date":245,"score":211,"percentile":246},"2025-11-16",0.55431,{"date":248,"score":211,"percentile":249},"2025-11-17",0.55422,{"date":251,"score":252,"percentile":253},"2025-11-18",0.00349,0.54463,{"date":255,"score":252,"percentile":256},"2025-11-19",0.54479,{"date":258,"score":252,"percentile":259},"2025-11-20",0.54466,{"date":261,"score":211,"percentile":262},"2025-11-21",0.55435,{"date":264,"score":211,"percentile":227},"2025-11-22",{"date":266,"score":211,"percentile":267},"2025-11-23",0.55401,{"date":269,"score":211,"percentile":270},"2025-11-24",0.55397,{"date":272,"score":211,"percentile":267},"2025-11-25",{"date":274,"score":211,"percentile":275},"2025-11-26",0.55402,{"date":277,"score":211,"percentile":215},"2025-11-27",{"date":279,"score":211,"percentile":280},"2025-11-28",0.55376,{"date":282,"score":211,"percentile":283},"2025-11-29",0.55361,{"date":285,"score":211,"percentile":286},"2025-11-30",0.55349,{"date":288,"score":289,"percentile":290},"2025-12-01",0.00127,0.32714,{"date":292,"score":289,"percentile":293},"2025-12-02",0.32739,{"date":295,"score":289,"percentile":296},"2025-12-03",0.32735,{"date":298,"score":211,"percentile":299},"2025-12-04",0.55347,{"date":301,"score":211,"percentile":302},"2025-12-05",0.55364,{"date":304,"score":211,"percentile":305},"2025-12-06",0.55365,{"date":307,"score":211,"percentile":308},"2025-12-07",0.55355,{"date":310,"score":211,"percentile":311},"2025-12-08",0.55356,{"date":313,"score":211,"percentile":314},"2025-12-09",0.55373,{"date":316,"score":211,"percentile":317},"2025-12-10",0.55429,{"date":319,"score":211,"percentile":320},"2025-12-11",0.55449,{"date":322,"score":211,"percentile":323},"2025-12-12",0.55472,{"date":325,"score":211,"percentile":326},"2025-12-13",0.55464,{"date":328,"score":211,"percentile":329},"2025-12-14",0.55461,{"date":331,"score":211,"percentile":332},"2025-12-15",0.5545,{"date":334,"score":211,"percentile":335},"2025-12-16",0.55463,{"date":337,"score":211,"percentile":338},"2025-12-17",0.55485,{"date":340,"score":211,"percentile":341},"2025-12-18",0.55523,{"date":343,"score":211,"percentile":344},"2025-12-19",0.55526,{"date":346,"score":211,"percentile":347},"2025-12-20",0.55517,{"date":349,"score":211,"percentile":350},"2025-12-21",0.55496,{"date":352,"score":211,"percentile":353},"2025-12-22",0.55474,{"date":355,"score":211,"percentile":356},"2025-12-23",0.55479,{"date":358,"score":211,"percentile":359},"2025-12-24",0.55487,{"date":361,"score":211,"percentile":362},"2025-12-25",0.5553,{"date":364,"score":211,"percentile":341},"2025-12-26",{"date":366,"score":211,"percentile":367},"2025-12-27",0.5557,{"date":369,"score":211,"percentile":359},"2025-12-28",{"date":371,"score":211,"percentile":372},"2025-12-29",0.5547,{"date":374,"score":211,"percentile":375},"2025-12-30",0.55465,{"date":377,"score":211,"percentile":378},"2025-12-31",0.55478,{"date":380,"score":289,"percentile":381},"2026-01-01",0.32898,{"date":383,"score":289,"percentile":384},"2026-01-02",0.32888,{"date":386,"score":289,"percentile":387},"2026-01-03",0.32875,{"date":389,"score":211,"percentile":390},"2026-01-04",0.55445,{"date":392,"score":211,"percentile":224},"2026-01-05",{"date":394,"score":211,"percentile":390},"2026-01-06",{"date":396,"score":211,"percentile":397},"2026-01-07",0.55471,{"date":399,"score":211,"percentile":400},"2026-01-08",0.55491,{"date":402,"score":211,"percentile":359},"2026-01-09",{"date":404,"score":211,"percentile":405},"2026-01-10",0.55486,{"date":407,"score":211,"percentile":335},"2026-01-11",{"date":409,"score":211,"percentile":410},"2026-01-12",0.55417,{"date":412,"score":211,"percentile":413},"2026-01-13",0.55395,{"date":415,"score":211,"percentile":416},"2026-01-14",0.5544,{"date":418,"score":211,"percentile":390},"2026-01-15",{"date":420,"score":211,"percentile":421},"2026-01-16",0.55466,{"date":423,"score":211,"percentile":329},"2026-01-17",{"date":425,"score":211,"percentile":426},"2026-01-18",0.55453,{"date":428,"score":211,"percentile":429},"2026-01-19",0.55443,{"date":431,"score":211,"percentile":432},"2026-01-20",0.55447,{"date":434,"score":211,"percentile":320},"2026-01-21",{"date":436,"score":211,"percentile":437},"2026-01-22",0.55452,{"date":439,"score":211,"percentile":440},"2026-01-23",0.55495,{"date":442,"score":443,"percentile":444},"2026-01-24",0.00384,0.59156,{"date":446,"score":443,"percentile":447},"2026-01-25",0.59118,{"date":449,"score":443,"percentile":450},"2026-01-26",0.59104,{"date":452,"score":443,"percentile":453},"2026-01-27",0.59114,{"date":455,"score":443,"percentile":456},"2026-01-28",0.59123,{"date":458,"score":443,"percentile":459},"2026-01-29",0.59122,{"date":461,"score":443,"percentile":462},"2026-01-30",0.5912,{"date":464,"score":443,"percentile":465},"2026-01-31",0.59124,{"date":467,"score":468,"percentile":469},"2026-02-01",0.00128,0.32761,[471,480],{"source":159,"cvss_v2_0":472,"cvss_v3_0":9,"cvss_v3_1":475,"cvss_v4_0":9},{"baseScore":157,"baseSeverity":9,"vectorString":160,"impactScore":473,"exploitabilityScore":474},6.4,10,{"baseScore":476,"baseSeverity":477,"vectorString":478,"impactScore":479,"exploitabilityScore":474},7.3,"HIGH","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",5.7,{"source":165,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":481,"cvss_v4_0":9},{"baseScore":476,"baseSeverity":9,"vectorString":478,"impactScore":479,"exploitabilityScore":474},[483,499],{"ecosystem":9,"name":484,"vendor":485,"product":484,"cpe_part":486,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":487},"dot-prop","dot-prop_project","a",[488,494],{"version":489,"is_range":490,"range_type":491,"version_start":9,"version_start_type":9,"version_end":492,"version_end_type":493,"fixed_in":9},"lt4.2.1",true,"cpe","4.2.1","excluding",{"version":495,"is_range":490,"range_type":491,"version_start":496,"version_start_type":497,"version_end":498,"version_end_type":493,"fixed_in":9},"gte5.0.0_lt5.1.1","5.0.0","including","5.1.1",{"ecosystem":500,"name":484,"vendor":500,"product":484,"cpe_part":9,"purl_type":501,"purl_namespace":9,"purl_name":484,"source":9,"versions":502},"Npm","npm",[503,506],{"version":504,"is_range":490,"range_type":505,"version_start":9,"version_start_type":9,"version_end":492,"version_end_type":493,"fixed_in":9},"lt4_2_1","semver",{"version":507,"is_range":490,"range_type":505,"version_start":496,"version_start_type":497,"version_end":498,"version_end_type":493,"fixed_in":9},"gte5_0_0_lt5_1_1"]