← Back

Dot Project

dot_project

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Dot
dot
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-7639
1Dot Project
1Dot
Nov 21, 2024
Apr 6, 2020
N/A· v4
5.3 MEDIUM· v3
5.0 MEDIUM· v2
eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload.
CVE-2020-8141
1Dot Project
1Dot
Nov 21, 2024
Mar 15, 2020
N/A· v4
8.8 HIGH· v3
6.5 MEDIUM· v2
The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.