CVEs-PoC/2020/CVE-2020-7616.md

### [CVE-2020-7616](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7616)
![](https://img.shields.io/static/v1?label=Product&message=express-mock-middleware&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Prototype%20Pollution&color=brighgreen)

### Description

express-mock-middleware through 0.0.6 is vulnerable to Prototype Pollution. Exported functions by the package can be tricked into adding or modifying properties of the `Object.prototype`. Exploitation of this vulnerability requires creation of a new directory where an attack code can be placed which will then be exported by `express-mock-middleware`. As such, this is considered to be a low risk.

### POC

#### Reference
- https://snyk.io/vuln/SNYK-JS-EXPRESSMOCKMIDDLEWARE-564120

#### Github
- https://github.com/Live-Hack-CVE/CVE-2020-7616