Dot

dot

Vendor: Dot Project • 2 CVEs

CVEs (2)

Vendors: 1 (Dot Project)
Products: 1 (Dot)
Updated: Nov 21, 2024
Published: Apr 6, 2020
CVSS: N/A (v4), 5.3 MEDIUM (v3), 5.0 MEDIUM (v2)
Description: eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution. The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.

Vendors: 1 (Dot Project)
Products: 1 (Dot)
Updated: Nov 21, 2024
Published: Mar 15, 2020
CVSS: N/A (v4), 8.8 HIGH (v3), 6.5 MEDIUM (v2)
Description: The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.