In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2020-03-10T17:50:14

Updated: 2024-08-04T08:22:09.035Z

Reserved: 2020-01-02T00:00:00

Link: CVE-2020-5259

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-03-10T18:15:12.203

Modified: 2024-11-21T05:33:47.097

Link: CVE-2020-5259

cve-icon Redhat

No data.