Description
In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2
Remediation
References
Related Vulnerabilities
Oracle Database Server CVE-2015-4900 Vulnerability (CVE-2015-4900)
WebLogic CVE-2022-21347 Vulnerability (CVE-2022-21347)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2018-1135)
WordPress Plugin ChimpMate-WordPress MailChimp Assistant Local File Inclusion (1.3.2)
Chamilo Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2021-38745)