Lucene search
SnykCVELIST:CVE-2021-23624HistoryNov 03, 2021 - 5:20 p.m.
CVE-2021-23624 Prototype Pollution
2021-11-0317:20:16
snyk
www.cve.org
2
type confusion
bypass
dotty
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C
AI Score
9.7
Confidence
High
EPSS
0.012
Percentile
85.1%
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
CNA Affected
[
{
"product": "dotty",
"vendor": "n/a",
"versions": [
{
"lessThan": "0.1.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]Related
osv
osv
CVE-2021-23624
2021-11-03 18:15:08
Prototype Pollution in dotty
2021-11-08 17:55:48
CVE-2021-25912
2021-02-02 19:15:14
prion
prion
Type confusion
2021-11-03 18:15:00
Remote code execution
2021-02-02 19:15:00
cve
cve
CVE-2021-23624
2021-11-03 18:15:08
CVE-2021-25912
2021-02-02 19:15:14
github
github
Prototype Pollution in dotty
2021-11-08 17:55:48
Prototype pollution in dotty
2021-02-05 20:43:08
nvd
nvd
CVE-2021-23624
2021-11-03 18:15:08
CVE-2021-25912
2021-02-02 19:15:14
veracode
veracode
Prototype Pollution
2021-11-05 10:06:55
Prototype Pollution
2021-02-03 04:58:24
cvelist
cvelist
CVE-2021-25912
2021-02-02 18:40:37
cnvd
cnvd
Unspecified vulnerability in Deoxxa dotty
2021-11-08 00:00:00
nodejs
nodejs
Prototype Pollution
2021-02-23 02:17:54
checkpoint_advisories
checkpoint_advisories
CVSS3
5.6
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:P/RC:C
AI Score
9.7
Confidence
High
EPSS
0.012
Percentile
85.1%
Related for CVELIST:CVE-2021-23624