CVE-2023-45827

Date: November 6, 2023

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the "setByPath" function which can lead to remote code execution (RCE). This issue has been addressed in commit "98daf567", which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
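The class of bug described above, as an added example that is not dot-diver's code and not part of the original advisory: a naive dot-path setter next to a hardened one that rejects `__proto__`, `constructor` and `prototype` segments, plus a check for whether `Object.prototype` was modified. All function names and the `pollutedMarker` property are assumptions made for illustration; the actual change in commit "98daf567" may differ.

```javascript
// Added illustration; NOT dot-diver's source. All names here are hypothetical.
const BLOCKED_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

// Naive dot-path setter: follows every segment, including inherited ones.
function naiveSetByPath(target, path, value) {
  const keys = path.split('.');
  let node = target;
  for (const key of keys.slice(0, -1)) {
    if (typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key]; // '__proto__' resolves to Object.prototype here
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// Hardened setter: rejects prototype-reaching segments, descends only into own properties.
function safeSetByPath(target, path, value) {
  const keys = path.split('.');
  if (keys.some((k) => BLOCKED_KEYS.has(k))) {
    throw new TypeError(`unsafe path segment in "${path}"`);
  }
  let node = target;
  for (const key of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(node, key);
    if (!own || typeof node[key] !== 'object' || node[key] === null) node[key] = {};
    node = node[key];
  }
  node[keys[keys.length - 1]] = value;
  return target;
}

// True when a fresh, unrelated object inherits `prop`, i.e. Object.prototype was modified.
function isPolluted(prop) {
  return prop in {};
}

// Runs a setter against a constructed path, reports the outcome, then restores the prototype.
function probe(setter) {
  const prop = 'pollutedMarker'; // constructed marker name
  let rejected = false;
  try { setter({}, `__proto__.${prop}`, true); } catch (e) { rejected = true; }
  const polluted = isPolluted(prop);
  delete Object.prototype[prop]; // cleanup so later code is unaffected
  return { rejected, polluted };
}
```

`probe(naiveSetByPath)` reports `polluted: true`, while `probe(safeSetByPath)` reports `rejected: true` with the prototype untouched; the same probe can serve as a regression test after upgrading to 1.0.2.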

Language: JS

Severity Score

Weakness Type (CWE)

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')

CWE-1321

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): LOW
