Skip to main content

Dot

2 CVEs product

Monthly

CVE-2020-7639 npm MEDIUM POC PATCH This Month

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dot
NVD GitHub
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-8141 npm HIGH POC PATCH This Week

The dot package v1.1.2 uses Function() to compile templates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dot
NVD
CVSS 3.1
8.8
EPSS
2.1%
EPSS 1% CVSS 5.3
MEDIUM POC PATCH This Month

eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Prototype Pollution Information Disclosure Dot
NVD GitHub
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

The dot package v1.1.2 uses Function() to compile templates. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

RCE Code Injection Dot
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy