RSS   Vulnerabilities for 'Dotty'   RSS

2021-11-03
 
CVE-2021-23624

CWE-843
 

 
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.

 
2021-02-02
 
CVE-2021-25912

NVD-CWE-Other
 

 
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.

 


Copyright 2024, cxsecurity.com

 

Back to Top