CVE-2023-26132
published 2023-06-10

Priority: P337, high, 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.06% (60.4th percentile)

Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.

Affected

7 ranges
Vendor | Product | Version range | Fixed in
debian | node-dottie | < node-dottie 2.0.7+~2.0.7-1 (forky) | node-dottie 2.0.7+~2.0.7-1 (forky)
debian | node-dottie | < node-dottie 2.0.2-4+deb12u1 (bookworm) | node-dottie 2.0.2-4+deb12u1 (bookworm)
dottie_project | dottie | < 2.0.4 | 2.0.4
dottie_project | dottie | >= 0 < 2.0.4 | 2.0.4
dottie_project | dottie | >= 2.0.4 < 2.0.7 | 2.0.7
dottie_project | dottie | >= 2.0.4 < 2.0.7 | 2.0.7
mickhansen | dottie.js | |

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
ghsa | | 7.5 | HIGH |
osv | | 7.5 | HIGH |
vendor_debian | | 7.5 | HIGH |
vendor_redhat | | 7.5 | HIGH |