In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-03-10T17:50:20
Updated: 2022-07-25T16:23:00
Reserved: 2020-01-02T00:00:00
Link: CVE-2020-5258
JSON object: View
NVD Information
Status : Modified
Published: 2020-03-10T18:15:12.123
Modified: 2023-11-07T03:23:44.137
Link: CVE-2020-5258
JSON object: View
Redhat Information
No data.