In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2020-03-10T17:50:14
Updated: 2024-08-04T08:22:09.035Z
Reserved: 2020-01-02T00:00:00
Link: CVE-2020-5259
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-03-10T18:15:12.203
Modified: 2024-11-21T05:33:47.097
Link: CVE-2020-5259
Redhat
No data.