CVE-2021-23450

Severity: 9.8 CRITICAL
EPSS: 2.0% (top 16.37%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Dec 17; Latest update Jun 16

Description

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (8 packages)

CVEListV5: dojo < unspecified
NVD: linuxfoundation/dojo < 1.17.0
Debian: dojo < 1.15.4+dfsg1-1+deb11u1 +3
Ubuntu: dojo < 1.15.4+dfsg1-1ubuntu0.1 +2
npm: dojo 1.16.4

Also affects: Debian Linux 10.0

Patches

Vulnerability Details (5)

OSV: dojo vulnerabilities (2025-06-16)
GHSA: Prototype Pollution in dojo (2022-01-05)
OSV: Prototype Pollution in dojo (2022-01-05)
CVEList: Prototype Pollution (2021-12-17)
OSV: CVE-2021-23450: All versions of package dojo are vulnerable to Prototype Pollution via the setObject function (2021-12-17)

Vendor Advisories (7)

Ubuntu: Dojo vulnerabilities (2025-06-16)
Oracle: Oracle Oracle Commerce Risk Matrix: Asset Manager (dojo) — CVE-2021-23450 (2025-04-15)
Oracle: Oracle Oracle Communications Applications Risk Matrix: Framework (dojo) — CVE-2021-23450 (2022-10-15)
Oracle: Oracle Oracle Fusion Middleware Risk Matrix: Sample apps (Dojo) — CVE-2021-23450 (2022-07-15)
Oracle: Oracle Oracle Communications Risk Matrix: CMP (dojo) — CVE-2021-23450 (2022-04-15)