CVE-2021-23450

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
References
Configurations

Configuration 1

cpe:2.3:a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:*

Configuration 2

OR cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*

Configuration 3

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

History

30 Jan 2023, 18:24

Type Values Removed Values Added
References
  Removed: (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -
  Added: (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Patch, Third Party Advisory
References
  Removed: (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html -
  Added: (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html - Mailing List, Third Party Advisory
CPE cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
First Time Debian
Debian debian Linux
Oracle weblogic Server

29 Jan 2023, 13:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html -

25 Jul 2022, 18:15

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

28 Apr 2022, 14:31

Type Values Removed Values Added
References
  Removed: (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -
  Added: (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html - Patch, Third Party Advisory
CPE cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*
cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*
First Time Oracle
Oracle primavera Unifier
Oracle communications Policy Management

20 Apr 2022, 00:15

Type Values Removed Values Added
References
  • (MISC) https://www.oracle.com/security-alerts/cpuapr2022.html -

27 Dec 2021, 18:13

Type Values Removed Values Added
CWE CWE-1321
CVSS
  Removed: v2 : unknown, v3 : unknown
  Added: v2 : 7.5, v3 : 9.8
CPE cpe:2.3:a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:*
References
  Removed: (CONFIRM) https://snyk.io/vuln/SNYK-JS-DOJO-1535223 -
  Added: (CONFIRM) https://snyk.io/vuln/SNYK-JS-DOJO-1535223 - Exploit, Mitigation, Third Party Advisory
References
  Removed: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036 -
  Added: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036 - Exploit, Mitigation, Third Party Advisory
References
  Removed: (CONFIRM) https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172 -
  Added: (CONFIRM) https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172 - Broken Link, Third Party Advisory
References
  Removed: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033 -
  Added: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033 - Exploit, Mitigation, Third Party Advisory
References
  Removed: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035 -
  Added: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035 - Exploit, Mitigation, Third Party Advisory
References
  Removed: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034 -
  Added: (CONFIRM) https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034 - Exploit, Mitigation, Third Party Advisory

17 Dec 2021, 21:15

Type Values Removed Values Added
Summary
  Removed: All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.
  Added: All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

17 Dec 2021, 20:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-12-17 20:15

Updated : 2023-12-10 14:09


NVD link : CVE-2021-23450

Mitre link : CVE-2021-23450

CVE.ORG link : CVE-2021-23450



Products Affected

oracle

  • weblogic_server
  • communications_policy_management
  • primavera_unifier

debian

  • debian_linux

linuxfoundation

  • dojo

CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')