9.8

CVE-2021-23450

Exploit

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxfoundationDojo SwPlatformnode.js Version < 1.17.0
OraclePrimavera Unifier Version >= 17.7 <= 17.12
OraclePrimavera Unifier Version18.8
OraclePrimavera Unifier Version19.12
OraclePrimavera Unifier Version20.12
OraclePrimavera Unifier Version21.12
OracleWeblogic Server Version12.2.1.4.0
OracleWeblogic Server Version14.1.1.0.0
DebianDebian Linux Version10.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.78% 0.855
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
report@snyk.io 7.5 3.9 3.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-1321 Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

The product receives input from an upstream component that specifies attributes that are to be initialized or updated in an object, but it does not properly control modifications of attributes of the object prototype.

https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
Third Party Advisory
Exploit
Mitigation
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
Third Party Advisory
Exploit
Mitigation
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
Third Party Advisory
Exploit
Mitigation
https://snyk.io/vuln/SNYK-JS-DOJO-1535223
Third Party Advisory
Exploit
Mitigation