CVE-2021-25912
CVE-2021-25912 is a prototype pollution vulnerability in the Node.js package dotty, affecting versions 0.0.1 through 0.1.0. The flaw allows attackers to cause a denial of service and may lead to remote code execution. The root cause is a type-confusion/policing issue when keys in the path paramet...
CVE-2021-23624
CVE-2021-23624 affects the dotty package prior to v0.1.2 and describes a type confusion vulnerability that can bypass CVE-2021-25912 when user-provided path keys are arrays. The issue is consistently reported across multiple sources (NVD/OSV/GHSA/CVE List) as a prototype pollution/type confusion ...