CVE-2021-23450

Public Exploit

Prototype Pollution

Description

All versions of package dojo are vulnerable to Prototype Pollution via the setObject function.

Link	Tags
https://snyk.io/vuln/SNYK-JS-DOJO-1535223	third party advisory exploit mitigation
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033	third party advisory exploit mitigation
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034	third party advisory exploit mitigation
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035	third party advisory exploit mitigation
https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036	third party advisory exploit mitigation
https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172	broken link third party advisory
https://www.oracle.com/security-alerts/cpuapr2022.html	patch third party advisory
https://www.oracle.com/security-alerts/cpujul2022.html	patch third party advisory
https://lists.debian.org/debian-lts-announce/2023/01/msg00030.html	third party advisory mailing list

What is the severity of CVE-2021-23450?: CVE-2021-23450 has been scored as a high severity vulnerability.
How to fix CVE-2021-23450?: To fix CVE-2021-23450, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-23450 being actively exploited in the wild?: It is possible that CVE-2021-23450 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~2% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-23450?: CVE-2021-23450 affects n/a dojo.