CVE-2021-23450

Published: Dic 17, 2021 Last Modified: Nov 21, 2024 EU-VD ID: EUVD-2022-0644 Aliases: GHSA-m8gw-hjpr-rjv7
ExploitDB:
Other exploit source:
Google Dorks:
HIGH 7,5
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: none
User Interaction: none
Scope: unchanged
Confidentiality: none
Integrity: none
Availability: high
HIGH 7,5
Source: [email protected]
Access Vector: network
Access Complexity: low
Authentication: none
Confidentiality: partial
Integrity: partial
Availability: partial

Description

AI Translation Available

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0241
Percentile
0,8th
Updated

EPSS Score Trend (Last 90 Days)

1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

Incomplete
Abstraction: Variant Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality Integrity Availability
Potential Impacts:
Read Application Data Modify Application Data Dos: Crash, Exit, Or Restart
Applicable Platforms
Languages: JavaScript
View CWE Details
Application

Communications Policy Management by Oracle

Product Information
Vendor Oracle
Product Communications Policy Management
Version 12.6.0.0.0
cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server by Oracle

Product Information
Vendor Oracle
Product Weblogic Server
Version 14.1.1.0.0
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Operating System

Debian Linux by Debian

Product Information
Vendor Debian
Product Debian Linux
Version 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version Range Affected
From 17.7 (inclusive)
To 17.12 (inclusive)
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 19.12
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 18.8
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 20.12
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Weblogic Server by Oracle

Product Information
Vendor Oracle
Product Weblogic Server
Version 12.2.1.4.0
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Dojo by Linuxfoundation

Product Information
Vendor Linuxfoundation
Product Dojo
Version Range Affected
To 1.17.0 (exclusive)
cpe:2.3:a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:*
Common Platform Enumeration - Standardized vulnerability identification
Application

Primavera Unifier by Oracle

Product Information
Vendor Oracle
Product Primavera Unifier
Version 21.12
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
Common Platform Enumeration - Standardized vulnerability identification
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b39…
Broken Link Third Party Advisory
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_bas…
https://lists.debian.org/debian-lts-announce/2023/01/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-23…
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
https://snyk.io/vuln/SNYK-JS-DOJO-1535223
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DOJO-1535223
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b39…
Broken Link Third Party Advisory
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_bas…
https://lists.debian.org/debian-lts-announce/2023/01/msg000…
Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-23…
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033
https://snyk.io/vuln/SNYK-JS-DOJO-1535223
Exploit Mitigation Third Party Advisory
https://snyk.io/vuln/SNYK-JS-DOJO-1535223
https://www.oracle.com/security-alerts/cpuapr2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpuapr2022.html
https://www.oracle.com/security-alerts/cpujul2022.html
Patch Third Party Advisory
https://www.oracle.com/security-alerts/cpujul2022.html