9.8
CVE-2021-23450
- EPSS 30.37%
- Veröffentlicht 17.12.2021 20:15:08
- Zuletzt bearbeitet 21.11.2024 05:51:46
- Quelle report@snyk.io
- CVE-Watchlists
- Unerledigt
Prototype Pollution
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linuxfoundation ≫ Dojo SwPlatformnode.js Version < 1.17.0
Oracle ≫ Communications Policy Management Version12.6.0.0.0
Oracle ≫ Primavera Unifier Version >= 17.7 <= 17.12
Oracle ≫ Primavera Unifier Version18.8
Oracle ≫ Primavera Unifier Version19.12
Oracle ≫ Primavera Unifier Version20.12
Oracle ≫ Primavera Unifier Version21.12
Oracle ≫ Weblogic Server Version12.2.1.4.0
Oracle ≫ Weblogic Server Version14.1.1.0.0
Debian ≫ Debian Linux Version10.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 30.37% | 0.98 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| report@snyk.io | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')
The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
https://snyk.io/vuln/SNYK-JS-DOJO-1535223