Dottie Project Dottie vulnerabilities
2 known vulnerabilities affecting dottie_project/dottie.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2026-27837P3CRITICALCVSS 9.8≥ 2.0.4, < 2.0.72026-02-26
CVE-2026-27837 [CRITICAL] CVE-2026-27837: Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 co
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit `7d3aee1` only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing `__proto__` at any position other tha
ghsanvdosv
CVE-2023-26132P3HIGHCVSS 7.5fixed in 2.0.42023-06-10
CVE-2023-26132 [HIGH] CWE-1321 CVE-2023-26132: Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficien
Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.
ghsanvdosv