CVE-2021-23624

MEDIUM5.6EPSS 0.43%

Prototype Pollution in dotty

發布日:2021/11/8修改日:2026/3/13

描述

This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.

受影響套件(1)

npm/dottyfrom 0, < 0.1.2

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

參考連結(4)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-23624
PATCHhttps://github.com/deoxxa/dotty
WEBhttps://github.com/deoxxa/dotty/commit/88f61860dcc274a07a263c32cbe9d44c24ef02d7
WEBhttps://snyk.io/vuln/SNYK-JS-DOTTY-1577292