Lucene search

K
veracodeVeracode Vulnerability DatabaseVERACODE:35398
HistoryMay 05, 2022 - 4:48 p.m.

Prototype Pollution

2022-05-0516:48:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
prototype pollution
dexie
security vulnerability
object.prototype
dexie.setbykeypath

EPSS

0.006

Percentile

79.2%

dexie is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype via the Dexie.setByKeyPath function, which does not properly check whether the keys have been set like __proto__ or constructor, leading to prototype pollution vulnerability.

Affected configurations

Vulners
Node
dexiedexieRange3.2.1
OR
dexiedexieRange4.0.0-alpha.2
VendorProductVersionCPE
dexiedexie*cpe:2.3:a:dexie:dexie:*:*:*:*:*:*:*:*

EPSS

0.006

Percentile

79.2%