CVE-2026-8657 in jsondiffpatchالمعلومات

الملخص

بحسب MITRE • 16/05/2026

Versions of the package jsondiffpatch before 0.7.6 are vulnerable to Prototype Pollution via the jsondiffpatch.patch() and jsondiffpatch/formatters/jsonpatch.patch() APIs. An attacker can perform prototype pollution by supplying crafted delta or JSON Patch documents, as attacker-controlled property names and path segments are used to traverse and modify objects without restricting access to special properties like __proto__ or constructor.prototype, allowing modification of Object.prototype.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Snyk

حجز

15/05/2026

إفشاء

16/05/2026

الاعتدال

تمت الموافقة

إدخال

VDB-364313

CPE

جاهز

CWE

CWE-1321 (مؤكد)

CVSS

8.2 (CNA)

EPSS

0.00066

KEV

لا

النشاطات

منخفض جدًا

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-8657
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-8657
CVE Details	https://www.cvedetails.com/cve/CVE-2026-8657/

التالي ▸نظرة عامة ◂ السابق

Interested in the pricing of exploits?

See the underground prices here!