6 matches found
Prototype Pollution
dexie is vulnerable to prototype pollution. An attacker is able to add or modify properties of Object.prototype via the Dexie.setByKeyPath function, which does not properly check whether keys such as __proto__ or constructor are being set, leading to a prototype pollution vulnerability...
Prototype Pollution in Dexie
Dexie is a minimalistic wrapper for IndexedDB. The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This c...
CVE-2022-21189
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties o...
Design/Logic Flaw
The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties o...
@mdn/yari (>=0.14.3 <=0.14.14), @thomasrandolph/taproot (=0.48.3) +7 more potentially affected by CVE-2022-21189 via dexie (>=3.1.0-beta.12 <=3.2.1)
dexie NPM version =3.1.0-beta.12, =0.14.3, =1.293.0, =1.3.0-shadowmanager.3, =0.0.181, =1.0.4, =0.1.0, =0.1.0, =0.1.1, =0.1.8 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...
@bildvitta/vuex-offline (>=3.0.0-beta.0 <=3.0.0-beta.3), @indexeddb-orm/idb-orm (>=0.0.1 <=0.0.3) +4 more potentially affected by CVE-2022-21189 via dexie (>=4.0.0-alpha.1 <=4.0.0-alpha.2)
dexie NPM version =4.0.0-alpha.1, =3.0.0-beta.0, =0.0.1, =1.0.0, =1.0.0, =11.5.0, =12.4.1 Source cves: CVE-2022-21189 Source advisory: SNYK:JS-DEXIE-2607042...