Search criteria
4 vulnerabilities found for dot by dot_project
CVE-2020-7639 (GCVE-0-2020-7639)
Vulnerability from nvd – Published: 2020-04-06 12:48 – Updated: 2024-08-04 09:33
VLAI?
Summary
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
Severity ?
No CVSS data available.
CWE
- Prototype Pollution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | @eivifj/dot |
Affected:
All versions below 1.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "@eivifj/dot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions below 1.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function \u0027set\u0027 could be tricked into adding or modifying properties of \u0027Object.prototype\u0027 using a \u0027__proto__\u0027 payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-06T12:48:14",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "@eivifj/dot",
"version": {
"version_data": [
{
"version_value": "All versions below 1.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function \u0027set\u0027 could be tricked into adding or modifying properties of \u0027Object.prototype\u0027 using a \u0027__proto__\u0027 payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"name": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b",
"refsource": "MISC",
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7639",
"datePublished": "2020-04-06T12:48:14",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8141 (GCVE-0-2020-8141)
Vulnerability from nvd – Published: 2020-03-15 17:04 – Updated: 2024-08-04 09:48
VLAI?
Summary
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Code Injection (CWE-94)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/390929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T17:04:40",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/390929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dot",
"version": {
"version_data": [
{
"version_value": "1.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/390929",
"refsource": "MISC",
"url": "https://hackerone.com/reports/390929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8141",
"datePublished": "2020-03-15T17:04:40",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-7639 (GCVE-0-2020-7639)
Vulnerability from cvelistv5 – Published: 2020-04-06 12:48 – Updated: 2024-08-04 09:33
VLAI?
Summary
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
Severity ?
No CVSS data available.
CWE
- Prototype Pollution
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| n/a | @eivifj/dot |
Affected:
All versions below 1.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "@eivifj/dot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions below 1.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function \u0027set\u0027 could be tricked into adding or modifying properties of \u0027Object.prototype\u0027 using a \u0027__proto__\u0027 payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-06T12:48:14",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "@eivifj/dot",
"version": {
"version_data": [
{
"version_value": "All versions below 1.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function \u0027set\u0027 could be tricked into adding or modifying properties of \u0027Object.prototype\u0027 using a \u0027__proto__\u0027 payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"name": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b",
"refsource": "MISC",
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7639",
"datePublished": "2020-04-06T12:48:14",
"dateReserved": "2020-01-21T00:00:00",
"dateUpdated": "2024-08-04T09:33:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8141 (GCVE-0-2020-8141)
Vulnerability from cvelistv5 – Published: 2020-03-15 17:04 – Updated: 2024-08-04 09:48
VLAI?
Summary
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
Severity ?
No CVSS data available.
CWE
- CWE-94 - Code Injection (CWE-94)
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/390929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T17:04:40",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/390929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dot",
"version": {
"version_data": [
{
"version_value": "1.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/390929",
"refsource": "MISC",
"url": "https://hackerone.com/reports/390929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8141",
"datePublished": "2020-03-15T17:04:40",
"dateReserved": "2020-01-28T00:00:00",
"dateUpdated": "2024-08-04T09:48:25.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}