Vulnerabilities > CVE-2023-26132 - Unspecified vulnerability in Dottie Project Dottie

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

dottie-project

NVD

Published: 2023-06-10

Updated: 2024-11-21

Summary

Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.

Vulnerable Configurations

Part	Description	Count
Application	Dottie_Project Dottie Project Dottie 0.1.0 Dottie Project Dottie 0.2.0 Dottie Project Dottie 0.2.5 Dottie Project Dottie 0.2.6 Dottie Project Dottie 0.3.0 Dottie Project Dottie 0.3.1 Dottie Project Dottie 1.0.0 Dottie Project Dottie 1.1.0 Dottie Project Dottie 1.1.1 Dottie Project Dottie 2.0.0 Dottie Project Dottie 2.0.1 Dottie Project Dottie 2.0.2 Dottie Project Dottie 2.0.3	13

References

https://github.com/mickhansen/dottie.js/blob/b48e22714aae4489ea6276452f22cc61980ba5a4/dottie.js%23L107
https://github.com/mickhansen/dottie.js/blob/b48e22714aae4489ea6276452f22cc61980ba5a4/dottie.js%23L107
https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68
https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e5c8db68
https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763
https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763