CVE-2021-23450 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-23450 PUBLISHED

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

EPSS 2.00% · 83.5th percentile

Risk Scores

EPSS Score

2.00%

83.5th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:22.04:LTS	dojo	0, 1.15.4+dfsg1-1
Ubuntu:18.04:LTS	dojo	1.11.0+dfsg-1, 0
Ubuntu:Pro:20.04:LTS	dojo	1.15.0+dfsg1-1, 0, 1.14.2+dfsg1-1
Ubuntu:Pro:16.04:LTS	dojo	0, 1.10.4+dfsg-2

Timeline

Dec 17, 2021 CVE Published
Dec 20, 2021 EPSS Score
Feb 12, 2022 EPSS Score
Apr 6, 2022 EPSS Score
Apr 7, 2022 PoC Published
Jul 23, 2022 EPSS Score
Sep 15, 2022 EPSS Score
Nov 8, 2022 EPSS Score
Dec 31, 2022 EPSS Score
Jan 30, 2023 CVE Updated
Feb 23, 2023 EPSS Score
Apr 17, 2023 EPSS Score

References

https://ubuntu.com/security/CVE-2021-23450 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035 third-party-advisory
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036 third-party-advisory
https://snyk.io/vuln/SNYK-JS-DOJO-1535223 third-party-advisory
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172 third-party-advisory
https://www.cve.org/CVERecord?id=CVE-2021-23450 third-party-advisory
https://ubuntu.com/security/notices/USN-7569-1 vendor-advisory

Open in Interactive Console →