Linuxfoundation Dojo vulnerabilities
2 known vulnerabilities affecting linuxfoundation/dojo.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-23450CRITICALCVSS 9.8fixed in 1.17.02021-12-17
CVE-2021-23450 [HIGH] CWE-1321 CVE-2021-23450: All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
nvd
CVE-2020-5258HIGHCVSS 7.5fixed in 1.11.10≥ 1.12.0, < 1.12.8+4 more2020-03-10
CVE-2020-5258 [HIGH] CWE-94 CVE-2020-5258: In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the ba
nvd