CVE-2021-23450
published 2021-12-17
CVE-2021-23450: All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | dojo | < dojo 1.17.2+dfsg1-1 (bookworm) | dojo 1.17.2+dfsg1-1 (bookworm) |
| linuxfoundation | dojo | < unspecified | unspecified |
| linuxfoundation | dojo | < 1.17.0 | 1.17.0 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1+deb11u1 | 1.15.4+dfsg1-1+deb11u1 |
| linuxfoundation | dojo | >= 0 < 1.17.2+dfsg1-1 | 1.17.2+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.17.2+dfsg1-1 | 1.17.2+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.17.2+dfsg1-1 | 1.17.2+dfsg1-1 |
| linuxfoundation | dojo | >= 0 < 1.15.4+dfsg1-1ubuntu0.1 | 1.15.4+dfsg1-1ubuntu0.1 |
| linuxfoundation | dojo | >= 0 < 1.10.4+dfsg-2ubuntu0.1~esm1 | 1.10.4+dfsg-2ubuntu0.1~esm1 |
| linuxfoundation | dojo | >= 0 < 1.15.0+dfsg1-1ubuntu0.1~esm1 | 1.15.0+dfsg1-1ubuntu0.1~esm1 |
| linuxfoundation | dojo | 0 – 1.16.4 | — |
| oracle | communications_policy_management | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | — | — |
| oracle | primavera_unifier | 17.7 – 17.12 | — |
| oracle | weblogic_server | — | — |
| oracle | weblogic_server | — | — |
CVSS provenance
nvd: v3.1, 9.8 CRITICAL, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
osv: 9.8 CRITICAL