Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.7
CVSSv3

CVE-2020-5258

Published: 10/03/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.7 | Impact Score: 5.8 | Exploitability Score: 1.3
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Subscribe to Dojo

Vulnerability Summary

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation dojo

debian debian linux 8.0

oracle webcenter sites 12.2.1.3.0

oracle primavera unifier 18.8

oracle primavera unifier

oracle communications policy management 12.5.0

oracle weblogic server 12.2.1.4.0

oracle primavera unifier 19.12

oracle webcenter sites 12.2.1.4.0

oracle weblogic server 14.1.1.0.0

oracle mysql

oracle primavera unifier 20.12

oracle communications pricing design center 12.0.0.3.0

oracle documaker

oracle communications application session controller 3.9.0

Vendor Advisories

Debian CVElist Bug Report Logs: dojo: CVE-2020-5258
Debian Bug report logs - #953585 dojo: CVE-2020-5258 Package: src:dojo; Maintainer for src:dojo is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Mar 2020 21:39:04 UTC Severity: important Tags: security, upstream Found ...
Debian CVElist Bug Report Logs: dojo: CVE-2020-5259
Debian Bug report logs - #953587 dojo: CVE-2020-5259 Package: src:dojo; Maintainer for src:dojo is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 10 Mar 2020 21:42:03 UTC Severity: important Tags: security, upstream Found ...

References

CWE-94https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171dhttps://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2https://lists.debian.org/debian-lts-announce/2020/03/msg00012.htmlhttps://www.oracle.com/security-alerts/cpujul2020.htmlhttps://www.oracle.com//security-alerts/cpujul2021.htmlhttps://www.oracle.com/security-alerts/cpuoct2021.htmlhttps://www.oracle.com/security-alerts/cpujan2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://lists.apache.org/thread.html/rf481b3f25f05c52ba4e24991a941c1a6e88d281c6c9360a806554d00%40%3Cusers.qpid.apache.org%3Ehttps://lists.apache.org/thread.html/r3638722360d7ae95f874280518b8d987d799a76df7a9cd78eac33a1b%40%3Cusers.qpid.apache.org%3Ehttps://lists.apache.org/thread.html/r665fcc152bd0fec9f71511a6c2435ff24d3a71386b01b1a6df326fd3%40%3Cusers.qpid.apache.org%3Ehttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=953585
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-2907hardcodedinjectCVE-2024-20359CVE-2024-2467CVE-2024-4077CVE-2024-22391cameraCVE-2024-20353
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook