7 matches found

vulnersOsv
added 2026/02/26 7:54 p.m., 6 views

@restura/core (>=0.1.0-alpha.12 <=2.0.3), @restura/logger (=1.0.1) +42 more potentially affected by CVE-2026-27837 via dottie (>=2.0.4 <=2.0.6)

dottie NPM version =2.0.4, =0.1.0-alpha.12, =1.3.53, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.21, =1.0.25, =1.0.25, =1.0.25, =1.3.44, =1.3.53, =1.3.35, =1.6.13-alpha.2 and more. Source CVEs: CVE-2026-27837. Source advisory: OSV:GHSA-R5MX-6WC6-7H9W...

CVSS: 9.8, AI score: 7.7, EPSS: 0.00303
Exploits: 2

vulnersOsv
added 2026/02/26 7:54 p.m., 10 views

@restura/core (>=0.1.0-alpha.12 <=2.0.3), @restura/logger (=1.0.1) +42 more potentially affected by CVE-2023-26132 +1 more via dottie (>=2.0.4 <=2.0.6)

dottie NPM version =2.0.4, =0.1.0-alpha.12, =1.3.53, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.25, =1.0.21, =1.0.25, =1.0.25, =1.0.25, =1.3.44, =1.3.53, =1.3.35, =1.6.13-alpha.2 and more. Source CVEs: CVE-2023-26132, CVE-2026-27837. Source advisory: SNYK:JS-DOTTIE-15360180...

CVSS: 9.8, AI score: 7.2, EPSS: 0.01062
Exploits: 3

Github Security Blog
added 2026/02/26 7:54 p.m., 14 views

dottie is vulnerable to Prototype Pollution bypass via non-first path segments in set() and transform()

Summary: dottie versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the protection by placing __proto__ at any position other than...

CVSS: 9.8, AI score: 5.6, EPSS: 0.00303
Exploits: 2, References: 5, Affected Software: 1

ATTACKERKB
added 2026/02/26 12:19 a.m., 2 views

CVE-2026-27837

Dottie provides nested object access and manipulation in JavaScript. Versions 2.0.4 through 2.0.6 contain an incomplete fix for CVE-2023-26132. The prototype pollution guard introduced in commit 7d3aee1 only validates the first segment of a dot-separated path, allowing an attacker to bypass the...

CVSS: 9.8, AI score: 5.4, EPSS: 0.01062
Exploits: 3, References: 4, Affected Software: 1

Ubuntu
added 2026/02/12 8:53 p.m., 6 views

USN-8041-1: Dottie vulnerability

Yuhan Gao and Peng Zhou discovered that Dottie was vulnerable to prototype pollution when altering the __proto__ magical attribute. An attacker could possibly use this issue to achieve remote code execution...

CVSS: 7.5, AI score: 6.1, EPSS: 0.01062
Exploits: 2

vulnersOsv
added 2023/06/10 6:30 a.m., 4 views

12g (=0.0.27), 402 (>=0.0.2 <=0.1.1) +1028 more potentially affected by CVE-2023-26132 +1 more via dottie (>=0.0.6-1 <=2.0.3)

dottie NPM version =0.0.6-1, =0.0.2, =1.16.1, =1.16.0, =1.16.0, =1.16.0, =1.16.0, =0.0.1, =1.1.7, =1.0.0, =1.0.0, =1.0.0, =1.0.0, =1.0.6 and more. Source CVEs: CVE-2023-26132, CVE-2026-27837. Source advisory: OSV:GHSA-4GXF-G5GF-22H4...

CVSS: 9.8, AI score: 7.1, EPSS: 0.01062
Exploits: 3

CNNVD
added 2023/06/10 12:0 a.m., 4 views

dottie security vulnerability

dottie is an application by individual developer Mick Hansen that makes it easy to find nested keys. A security vulnerability exists in versions prior to dottie 2.0.4, which stems from inadequate checking and leaves it vulnerable to prototype pollution...

CVSS: 7.5, AI score: 7.2, EPSS: 0.01062
Exploits: 2, References: 4