View at Official debian advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2020-7720 not yet assigned priority: Debian including 1 source packages (node-node-forge), 1 status rows across 1 suites (bullseye): resolved 1.
The package node-forge before 0.10.0 is vulnerable to Prototype Pollution via the util.setPath function. Note: Version 0.10.0 is a breaking change removing the vulnerable functions.