CVE-2021-23450: Prototype Pollution
First published: Fri Dec 17 2021(Updated: )
All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
Credit: report@snyk.io
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Linuxfoundation Dojo | <1.17.0 | |
| Oracle Communications Policy Management | =12.6.0.0.0 | |
| Oracle Primavera Unifier | >=17.7<=17.12 | |
| Oracle Primavera Unifier | =18.8 | |
| Oracle Primavera Unifier | =19.12 | |
| Oracle Primavera Unifier | =20.12 | |
| Oracle Primavera Unifier | =21.12 | |
| Oracle WebLogic Server | =12.2.1.4.0 | |
| Oracle WebLogic Server | =14.1.1.0.0 | |
| Debian Debian Linux | =10.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172
- https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034
- https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
- https://snyk.io/vuln/SNYK-JS-DOJO-1535223
- https://www.oracle.com/security-alerts/cpuapr2022.html
- https://www.oracle.com/security-alerts/cpujul2022.html
- https://exchange.xforce.ibmcloud.com/vulnerabilities/216463
- https://www.ibm.com/support/pages/node/6565099 (Advisory)
Frequently Asked Questions
What is CVE-2021-23450?
CVE-2021-23450 is a vulnerability in Dojo that could allow a remote attacker to execute arbitrary code on the system.
How does CVE-2021-23450 affect IBM Security Verify Governance?
CVE-2021-23450 affects IBM Security Verify Governance version 10.0.
What is the severity of CVE-2021-23450?
CVE-2021-23450 has a severity rating of critical (9.8).
How can an attacker exploit CVE-2021-23450?
An attacker can exploit CVE-2021-23450 by sending a specially-crafted request to the system.
Are there any resources available for CVE-2021-23450?
Yes, you can find more information about CVE-2021-23450 at the following links: [Link 1](https://exchange.xforce.ibmcloud.com/vulnerabilities/216463), [Link 2](https://www.ibm.com/support/pages/node/7047640).
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/remedy
- collector/ibm-support
- source/IBM
- agent/weakness
- agent/references
- agent/author
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/severity
- agent/event
- vendor/linuxfoundation
- canonical/linuxfoundation dojo
- vendor/oracle
- canonical/oracle communications policy management
- version/oracle communications policy management/12.6.0.0.0
- canonical/oracle primavera unifier
- version/oracle primavera unifier/17.7
- version/oracle primavera unifier/17.12
- version/oracle primavera unifier/18.8
- version/oracle primavera unifier/19.12
- version/oracle primavera unifier/20.12
- version/oracle primavera unifier/21.12
- canonical/oracle weblogic server
- version/oracle weblogic server/12.2.1.4.0
- version/oracle weblogic server/14.1.1.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0