40 matches found
📄 dottie 2.0.6 Prototype Pollution Bypass
CVE-2026-27837 describes an incomplete patch in dottie versions 2.0.4 through 2.0.6, following the original CVE-2023-26132 fix attempt. The protection added in commit 7d3aee1 validates only the first segment of a dot-separated property path against dangerous keys such as proto. However, the...
Linux Distros Unpatched Vulnerability : CVE-2026-27837
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype...
@restura/core (>=0.1.0-alpha.12 <=2.0.1), @restura/logger (=1.0.1) +42 more potentially affected by CVE-2023-26132 +1 more via dottie (>=2.0.4 <=2.0.6)
dottie NPM version =2.0.4, =0.1.0-alpha.12, =1.3.53, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.21, =1.0.25, =1.0.25, =1.0.25, =1.3.44, =1.3.53, =1.3.35, =1.6.11-alpha.1 and more Source cves: CVE-2023-26132, CVE-2026-27837 Source advisory: SNYK:JS-DOTTIE-15360180...
@restura/core (>=0.1.0-alpha.12 <=2.0.1), @restura/logger (=1.0.1) +42 more potentially affected by CVE-2026-27837 via dottie (>=2.0.4 <=2.0.6)
dottie NPM version =2.0.4, =0.1.0-alpha.12, =1.3.53, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.21, =1.0.25, =1.0.25, =1.0.25, =1.3.44, =1.3.53, =1.3.35, =1.6.11-alpha.1 and more Source cves: CVE-2026-27837 Source advisory: OSV:GHSA-R5MX-6WC6-7H9W...
Prototype Pollution
Overview dottie is a Fast and safe nested object access and manipulation in JavaScript Affected versions of this package are vulnerable to Prototype Pollution in the set and transform functions. An attacker can inject unauthorized properties into an object's prototype chain by supplying specially...
GHSA-R5MX-6WC6-7H9W dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()
Summary dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing proto at any position other than...
dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()
Summary dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing proto at any position other than...
DEBIAN-CVE-2026-27837
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
UBUNTU-CVE-2026-27837
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837 Dottie vulnerable to prototype pollution bypass via non-first path segments in set() and transform()
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
CVE-2026-27837
CVE-2026-27837 : Dottie (JavaScript) has a prototype pollution bypass due to a guard that only validates the first segment of a dot-separated path. Versions 2.0.4–2.0.6 contain an incomplete fix for CVE-2023-26132; an attacker can bypass protection by placing proto at any non-first position. Both...
dottie 安全漏洞
Dottie is an application developed by Mick Hansen that allows for easy searching of nested keys. Versions 2.0.4 to 2.0.6 of Dottie contain security vulnerabilities, which stem from incomplete prototype pollution protection mechanisms. These vulnerabilities could lead to bypassing the protection...
CVE-2026-27837
Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...
Ubuntu 20.04 LTS / 22.04 LTS : Dottie vulnerability (USN-8041-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-8041-1 advisory. Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype pollution when altering the proto magical attribute. An attacker could...
USN-8041-1 node-dottie vulnerability
Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype pollution when altering the proto magical attribute. An attacker could possibly use this issue to achieve remote code execution...