2 matches found
CVE-2020-5258
CVE-2020-5258 affects the Dojo NPM package where the deepCopy function is vulnerable to Prototype Pollution. The root cause is injection of properties into native JavaScript prototypes, allowing an attacker to mutate a base object’s prototype. Patched versions are 1.12.8, 1.13.7, 1.14.6, 1.15.3 a...
CVE-2021-23450
CVE-2021-23450 describes a Prototype Pollution vulnerability in the Dojo package, exposed via the setObject function. Multiple linked advisories confirm that Dojo is affected and give the remediation as upgrading to the fixed Dojo versions, as noted in vendor advisories (IBM, other vendors) and related security bull...