{"id":"CVE-2020-28458","details":"All versions of package datatables.net are vulnerable to Prototype Pollution due to an incomplete fix for https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806.","aliases":["GHSA-m7j4-fhg6-xf5v"],"modified":"2026-04-10T04:25:46.991465Z","published":"2020-12-16T11:15:12.130Z","related":["SNYK-JAVA-ORGWEBJARSBOWER-1051961","SNYK-JAVA-ORGWEBJARSNPM-1051962","SNYK-JS-DATATABLESNET-1016402","SNYK-JS-DATATABLESNET-598806"],"references":[{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-1051962"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-JS-DATATABLESNET-1016402"},{"type":"ADVISORY","url":"https://github.com/DataTables/Dist-DataTables/blob/master/js/jquery.dataTables.js%23L2766"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20240621-0006/"},{"type":"ADVISORY","url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-1051961"},{"type":"FIX","url":"https://github.com/DataTables/DataTablesSrc/commit/a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"},{"type":"EVIDENCE","url":"https://snyk.io/vuln/SNYK-JS-DATATABLESNET-598806"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/datatables/datatablessrc","events":[{"introduced":"0"},{"fixed":"944252f7004cdfdc9ad14b6e6d400b1651c6aa9e"},{"fixed":"a51cbe99fd3d02aa5582f97d4af1615d11a1ea03"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.10.23"}]}}],"versions":["1.10.0","1.10.0-beta.2","1.10.0-rc.1","1.10.1","1.10.10","1.10.11","1.10.12","1.10.13","1.10.14","1.10.15","1.10.16","1.10.2","1.10.20","1.10.21","1.10.22","1.10.3","1.10.4","1.10.5","1.10.6","1.10.7","1.10.8","1.10.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-28458.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"}]}