In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
07 Nov 2023, 03:23
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2020-03-10 18:15
Updated : 2024-02-28 17:28
NVD link : CVE-2020-5258
Mitre link : CVE-2020-5258
CVE.ORG link : CVE-2020-5258
JSON object : View
Products Affected
oracle
- communications_pricing_design_center
- communications_policy_management
- documaker
- weblogic_server
- communications_application_session_controller
- webcenter_sites
- primavera_unifier
- mysql
linuxfoundation
- dojo
debian
- debian_linux