CVE-2021-23450
HIGHdojo < 1.17.0 - Prototype Pollution via setObject Function
Title source: llmDescription
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
References (9)
Core 9
Core References
Mailing List, Third Party Advisory mailing-list
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
Broken Link, Third Party Advisory
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172
Exploit, Mitigation, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
Exploit, Mitigation, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
Exploit, Mitigation, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034
Exploit, Mitigation, Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
Exploit, Mitigation, Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DOJO-1535223
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch, Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
Scores
CVSS v3
7.5
EPSS
0.0199
EPSS Percentile
83.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-1321
Status
published
Products (11)
debian/debian_linux
10.0
linuxfoundation/dojo
< 1.17.0
npm/dojo
0npm
oracle/communications_policy_management
12.6.0.0.0
oracle/primavera_unifier
18.8
oracle/primavera_unifier
19.12
oracle/primavera_unifier
20.12
oracle/primavera_unifier
21.12
oracle/primavera_unifier
17.7 - 17.12
oracle/weblogic_server
12.2.1.4.0
... and 1 more
Published
Dec 17, 2021
Tracked Since
Feb 18, 2026