Lucene search
Veracode Vulnerability DatabaseVERACODE:35398HistoryMay 05, 2022 - 4:48 p.m.
Prototype Pollution
2022-05-0516:48:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
10
0.005 Low
EPSS
Percentile
76.1%
dexie is vulnerable to prototype pollution. An attacker is able to add or modify properties of the Object.prototype via the Dexie.setByKeyPath function, which does not properly check whether the keys have been set like __proto__ or constructor, leading to prototype pollution vulnerability.
| CPE | Name | Operator | Version |
|---|---|---|---|
| dexie | le | 3.2.1 | |
| dexie | le | 4.0.0-alpha.2 | |
| dexie | le | 3.2.1 | |
| dexie | le | 4.0.0-alpha.2 | |
| dexie | le | 3.2.0 | |
| dexie | le | 3.2.1 | |
| dexie | le | 4.0.0-alpha.2 | |
| dexie | le | 3.2.1 | |
| dexie | le | 4.0.0-alpha.2 | |
| dexie | le | 3.2.0 |
Related
prion
prion
Design/Logic Flaw
2022-05-01 16:15:00
cve
cve
CVE-2022-21189
2022-05-01 16:15:08
osv
osv
Prototype Pollution in Dexie
2022-05-03 00:00:46
CVE-2022-21189
2022-05-01 16:15:08
nvd
nvd
CVE-2022-21189
2022-05-01 16:15:08
ibm
ibm
Security Bulletin: Open Source Dependency Vulnerability
2023-05-15 16:39:19
github
github
Prototype Pollution in Dexie
2022-05-03 00:00:46
cvelist
cvelist
CVE-2022-21189 Prototype Pollution
2022-05-01 00:00:00
nessus
nessus
Oracle Database Server (Jul 2023 CPU)
2023-07-19 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00