Vulnerability Description
Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Dottie Project | Dottie | < 2.0.4 |
Related Weaknesses (CWE)
References
- https://github.com/mickhansen/dottie.js/blob/b48e22714aae4489ea6276452f22cc61980 (Broken Link)
- https://github.com/mickhansen/dottie.js/commit/7d3aee1c9c3c842720506e131de7e181e (Patch)
- https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763 (Exploit, Third Party Advisory)
FAQ
What is CVE-2023-26132?
CVE-2023-26132 is a vulnerability with a CVSS score of 7.5 (HIGH). Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.
How severe is CVE-2023-26132?
CVE-2023-26132 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2023-26132?
Check the references section above for vendor advisories and patch information. Affected products include: Dottie Project Dottie.