Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Prototype Pollution in Dojox
Vulnerability Description
In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
对生成代码的控制不恰当(代码注入)
Vulnerability Title
dojo 注入漏洞
Vulnerability Description
dojo是一款JavaScript工具箱,它包含实用程序和UI组件等。 dojox中存在注入漏洞。攻击者可利用该漏洞覆盖或污染基本对象的JavaScript应用程序对象原型。
CVSS Information
N/A
Vulnerability Type
N/A