{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2021-23450","assignerOrgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","assignerShortName":"snyk","dateUpdated":"2024-09-16T20:53:01.107Z","dateReserved":"2021-01-08T00:00:00.000Z","datePublished":"2021-12-17T20:05:19.155Z"},"containers":{"cna":{"title":"Prototype Pollution","datePublic":"2021-12-17T00:00:00.000Z","providerMetadata":{"orgId":"bae035ff-b466-4ff4-94d0-fc9efd9e1730","shortName":"snyk","dateUpdated":"2023-01-29T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"All versions of package dojo are vulnerable to Prototype Pollution via the setObject function."}],"affected":[{"vendor":"n/a","product":"dojo","versions":[{"version":"0","status":"affected","lessThan":"unspecified","versionType":"custom"}]}],"references":[{"url":"https://snyk.io/vuln/SNYK-JS-DOJO-1535223"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035"},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036"},{"url":"https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172"},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html"},{"name":"[debian-lts-announce] 20230129 [SECURITY] [DLA 3289-1] dojo security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"}],"credits":[{"lang":"en","value":"Bob \"Wombat\" Hogg"}],"metrics":[{"cvssV3_1":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:P","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","exploitCodeMaturity":"PROOF_OF_CONCEPT","remediationLevel":"NOT_DEFINED","reportConfidence":"NOT_DEFINED","baseScore":7.5,"temporalScore":7.1,"baseSeverity":"HIGH","temporalSeverity":"HIGH"}}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"Prototype Pollution"}]}]},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-03T19:05:56.093Z"},"title":"CVE Program Container","references":[{"url":"https://snyk.io/vuln/SNYK-JS-DOJO-1535223","tags":["x_transferred"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033","tags":["x_transferred"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034","tags":["x_transferred"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035","tags":["x_transferred"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036","tags":["x_transferred"]},{"url":"https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpuapr2022.html","tags":["x_transferred"]},{"url":"https://www.oracle.com/security-alerts/cpujul2022.html","tags":["x_transferred"]},{"name":"[debian-lts-announce] 20230129 [SECURITY] [DLA 3289-1] dojo security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html"}]}]}}