Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by dot_project
CVE-2020-7639 (GCVE-0-2020-7639)
Vulnerability from cvelistv5 – Published: 2020-04-06 12:48 – Updated: 2024-08-04 09:33
VLAI
Summary
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
Severity
No CVSS data available.
CWE
- Prototype Pollution
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435 | x_refsource_MISC |
| https://github.com/eivindfjeldstad/dot/commit/774… | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | @eivifj/dot |
Affected:
All versions below 1.0.3
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:33:20.000Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "@eivifj/dot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "All versions below 1.0.3"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function \u0027set\u0027 could be tricked into adding or modifying properties of \u0027Object.prototype\u0027 using a \u0027__proto__\u0027 payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Prototype Pollution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-06T12:48:14.000Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "report@snyk.io",
"ID": "CVE-2020-7639",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "@eivifj/dot",
"version": {
"version_data": [
{
"version_value": "All versions below 1.0.3"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function \u0027set\u0027 could be tricked into adding or modifying properties of \u0027Object.prototype\u0027 using a \u0027__proto__\u0027 payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Prototype Pollution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-JS-EIVIFJDOT-564435"
},
{
"name": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b",
"refsource": "MISC",
"url": "https://github.com/eivindfjeldstad/dot/commit/774e4b0c97ca35d2ae40df2cd14428d37dd07a0b"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2020-7639",
"datePublished": "2020-04-06T12:48:14.000Z",
"dateReserved": "2020-01-21T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:33:20.000Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-8141 (GCVE-0-2020-8141)
Vulnerability from cvelistv5 – Published: 2020-03-15 17:04 – Updated: 2024-08-04 09:48
VLAI
Summary
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.
Severity
No CVSS data available.
CWE
- CWE-94 - Code Injection (CWE-94)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://hackerone.com/reports/390929 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:48:25.637Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/390929"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dot",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "1.1.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Code Injection (CWE-94)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-15T17:04:40.000Z",
"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"shortName": "hackerone"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/390929"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "support@hackerone.com",
"ID": "CVE-2020-8141",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dot",
"version": {
"version_data": [
{
"version_value": "1.1.2"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection (CWE-94)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://hackerone.com/reports/390929",
"refsource": "MISC",
"url": "https://hackerone.com/reports/390929"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
"assignerShortName": "hackerone",
"cveId": "CVE-2020-8141",
"datePublished": "2020-03-15T17:04:40.000Z",
"dateReserved": "2020-01-28T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:48:25.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}