VDB
CVE-2020-5258
CVE-2020-5258
PUBLISHED
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
EPSS 1.54% · 81.7th percentile
Risk Scores
EPSS Score
1.54%
81.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:16.04:LTS | dojo | 0, 1.10.4+dfsg-2, 1.10.4+dfsg-2ubuntu0.1~esm1 |
| Ubuntu:Pro:20.04:LTS | dojo | 1.15.0+dfsg1-1ubuntu0.1~esm1, 0, 1.14.2+dfsg1-1 |
| Ubuntu:18.04:LTS | dojo | 0, * |
Timeline
- CVE Published
- Apr 14, 2021 EPSS Score
- Jul 21, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 27, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 15, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Jan 7, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-5258 third-party-advisory
- https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 third-party-advisory
- https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-5258 third-party-advisory