Lucene search
GoogleOSV:CVE-2022-21189HistoryMay 01, 2022 - 4:15 p.m.
CVE-2022-21189
2022-05-0116:15:08
Google
osv.dev
4
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like proto or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. Note: This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dexie.js | eq | 1.4.1 | |
| dexie.js | eq | 2.0.0-beta.9 | |
| dexie.js | eq | 1.3.3 | |
| dexie.js | eq | 3.0.0 | |
| dexie.js | eq | 3.0.0-alpha.8 | |
| dexie.js | eq | 1.3.0 | |
| dexie.js | eq | 3.0.0-rc.5 | |
| dexie.js | eq | 3.2.0-beta.3 | |
| dexie.js | eq | 1.3.6 | |
| dexie.js | eq | 1.3.5-beta |
Related
veracode
veracode
Prototype Pollution
2022-05-05 16:48:38
prion
prion
Design/Logic Flaw
2022-05-01 16:15:00
cve
cve
CVE-2022-21189
2022-05-01 16:15:08
osv
osv
Prototype Pollution in Dexie
2022-05-03 00:00:46
nvd
nvd
CVE-2022-21189
2022-05-01 16:15:08
ibm
ibm
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 16:39:19
github
github
Prototype Pollution in Dexie
2022-05-03 00:00:46
cvelist
cvelist
CVE-2022-21189 Prototype Pollution
2022-05-01 00:00:00
nessus
nessus
Oracle Database Server (Jul 2023 CPU)
2023-07-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00