Published: 17/12/2021 Updated: 30/01/2023

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
linuxfoundation dojo
oracle primavera unifier 18.8
oracle primavera unifier
oracle weblogic server 12.2.1.4.0
oracle primavera unifier 19.12
oracle weblogic server 14.1.1.0.0
oracle primavera unifier 20.12
oracle primavera unifier 21.12
oracle communications policy management 12.6.0.0.0
debian debian linux 10.0

Debian Bug report logs - #1014785 dojo: CVE-2021-23450 Package: src:dojo; Maintainer for src:dojo is Debian Javascript Maintainers <pkg-javascript-devel@listsaliothdebianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Mon, 11 Jul 2022 19:57:04 UTC Severity: grave Tags: security, upstream Reply o ...

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function ...

CWE-1321 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035 https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036 https://snyk.io/vuln/SNYK-JS-DOJO-1535223 https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172 https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1014785 https://nvd.nist.gov

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-23450

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect