VYPR
Low severity · NVD Advisory · Published Mar 10, 2020 · Updated Aug 4, 2024

Prototype Pollution in Dojox

CVE-2020-5259

Description

In affected versions of dojox (npm package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into the prototypes of existing JavaScript language constructs, such as objects. An attacker manipulates these attributes to overwrite, or pollute, the prototype of a JavaScript application's base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2.
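
The mechanism described above, shown with a generic recursive mix function next to a hardened counterpart. This is an added example, not dojox's jqMix code or its patch; the names `unsafeMix`, `safeMix`, `BLOCKED_KEYS` and the JSON input are constructed for illustration.

```javascript
// Added illustration: generic recursive mix functions, not dojox's jqMix source.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function isPlainObject(v) {
  return v !== null && typeof v === 'object' && !Array.isArray(v);
}

// Unhardened: copies every enumerable key, including "__proto__".
function unsafeMix(target, src) {
  for (const key in src) {
    if (isPlainObject(src[key]) && isPlainObject(target[key])) {
      // For key "__proto__", target[key] is Object.prototype itself.
      unsafeMix(target[key], src[key]);
    } else {
      target[key] = src[key];
    }
  }
  return target;
}

// Hardened: own keys only, prototype-related keys skipped, and nested
// merges never descend into an inherited property of the target.
function safeMix(target, src) {
  for (const key of Object.keys(src)) {
    if (BLOCKED_KEYS.has(key)) continue;
    const val = src[key];
    if (isPlainObject(val)) {
      const hasOwn = Object.prototype.hasOwnProperty.call(target, key);
      const base = hasOwn && isPlainObject(target[key]) ? target[key] : {};
      target[key] = safeMix(base, val);
    } else {
      target[key] = val;
    }
  }
  return target;
}

function demo() {
  // Constructed sample input, e.g. a JSON body handed to a mix routine.
  const body = '{"name": "x", "__proto__": {"polluted": "yes"}}';
  unsafeMix({}, JSON.parse(body));
  const afterUnsafe = ({}).polluted;   // every object now inherits it
  delete Object.prototype.polluted;    // undo the pollution before continuing
  const merged = safeMix({}, JSON.parse(body));
  return { afterUnsafe, afterSafe: ({}).polluted, merged };
}

console.log(demo());
```

The same key filtering is what to look for when reviewing any in-house deep-merge or extend helper that receives parsed JSON.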

Affected packages

Versions sourced from the GitHub Security Advisory.

Package        Affected versions       Patched versions
dojox (npm)    < 1.11.10               1.11.10
dojox (npm)    >= 1.12.0, < 1.12.8     1.12.8
dojox (npm)    >= 1.13.0, < 1.13.7     1.13.7
dojox (npm)    >= 1.14.0, < 1.14.6     1.14.6
dojox (npm)    >= 1.15.0, < 1.15.3     1.15.3
dojox (npm)    >= 1.16.0, < 1.16.2     1.16.2
