5
CVSSv2

CVE-2020-5258

CVSSv4: NA | CVSSv3: 7.7 | CVSSv2: 5 | VMScore: 870 | EPSS: 0.00364 | KEV: Not Included
Published: 10/03/2020 Updated: 21/11/2024

Vulnerability Summary

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation dojo

debian debian linux 8.0

oracle communications application session controller 3.9.0

oracle communications policy management 12.5.0

oracle communications pricing design center 12.0.0.3.0

oracle documaker

oracle mysql

oracle primavera unifier

oracle primavera unifier 18.8

oracle primavera unifier 19.12

oracle primavera unifier 20.12

oracle webcenter sites 12.2.1.3.0

oracle webcenter sites 12.2.1.4.0

oracle weblogic server 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

Vendor Advisories

Debian Bug report logs - #953587 dojo: CVE-2020-5259 Package: src:dojo; Maintainer for src:dojo is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Mar 2020 21:42:03 UTC Severity: important Tags: security, upstream Found ...
Debian Bug report logs - #953585 dojo: CVE-2020-5258 Package: src:dojo; Maintainer for src:dojo is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Mar 2020 21:39:04 UTC Severity: important Tags: security, upstream Found ...

References

CWE-94CWE-1321https://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953587https://www.first.org/epsshttps://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171dhttps://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2https://lists.apache.org/thread.html/r3638722360d7ae95f874280518b8d987d799a76df7a9cd78eac33a1b%40%3Cusers.qpid.apache.org%3Ehttps://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3%40%3Cusers.qpid.apache.org%3Ehttps://lists.apache.org/thread.html/rf481b3f25f05c52ba4e24991a941c1a6e88d281c6c9360a806554d00%40%3Cusers.qpid.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2020/03/msg00012.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171dhttps://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2https://lists.apache.org/thread.html/r3638722360d7ae95f874280518b8d987d799a76df7a9cd78eac33a1b%40%3Cusers.qpid.apache.org%3Ehttps://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3%40%3Cusers.qpid.apache.org%3Ehttps://lists.apache.org/thread.html/rf481b3f25f05c52ba4e24991a941c1a6e88d281c6c9360a806554d00%40%3Cusers.qpid.apache.org%3Ehttps://lists.debian.org/debian-lts-announce/2020/03/msg00012.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.html