Vulnerabilities > CVE-2020-7643 - Unspecified vulnerability in Idea Paypal-Adaptive

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

idea

NVD

Published: 2020-04-23

Updated: 2020-05-01

Summary

paypal-adaptive through 0.4.2 manipulation of JavaScript objects resulting in Prototype Pollution. The PayPal function could be tricked into adding or modifying properties of Object.prototype using a __proto__ payload.

Vulnerable Configurations

Part	Description	Count
Application	Idea Idea Paypal Adaptive - Idea Paypal Adaptive 0.0.1 Idea Paypal Adaptive 0.0.2 Idea Paypal Adaptive 0.0.3 Idea Paypal Adaptive 0.1.0 Idea Paypal Adaptive 0.1.1 Idea Paypal Adaptive 0.1.2 Idea Paypal Adaptive 0.2.0 Idea Paypal Adaptive 0.3.0 Idea Paypal Adaptive 0.4.0 Idea Paypal Adaptive 0.4.1 Idea Paypal Adaptive 0.4.2	12

References

https://snyk.io/vuln/SNYK-JS-PAYPALADAPTIVE-565089
https://github.com/Ideame/paypal-adaptive-sdk-nodejs/blob/master/lib/paypal-adaptive.js#L31