CVE-2020-5259 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-5259 PUBLISHED

In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2

EPSS 0.28% · 51.0th percentile

Risk Scores

EPSS Score

0.28%

51.0th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:18.04:LTS	dojo	0, 1.11.0+dfsg-1
Ubuntu:Pro:20.04:LTS	dojo	1.15.0+dfsg1-1ubuntu0.1~esm1, 0, 1.14.2+dfsg1-1
Ubuntu:Pro:16.04:LTS	dojo	1.10.4+dfsg-2ubuntu0.1~esm1, 1.10.4+dfsg-2, 0

Timeline

Apr 30, 2017 PoC Published
Mar 10, 2020 CVE Published
Mar 11, 2020 CVE Updated
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Jun 28, 2021 PoC Published
Aug 23, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 25, 2022 EPSS Score
Apr 1, 2022 EPSS Score

References

https://ubuntu.com/security/CVE-2020-5259 third-party-advisory
https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw third-party-advisory
https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2020-5259 third-party-advisory

Open in Interactive Console →