dojo is vulnerable to prototype pollution. The vulnerability exists in setObject
function of lang.js
due to lack of object validations which allows an attacker to inject arbitrary object properties which can potentially lead to execution of arbitrary code.
CPE | Name | Operator | Version |
---|---|---|---|
dojo | le | 1.17.2 | |
dojo | le | 2.0.0-alpha.7 | |
dojo | le | 1.17.2 | |
dojo | le | 2.0.0-alpha.7 |