Prototype pollution vulnerability in dot-prop npm package versions before 4.2.1 and versions 5.x before 5.1.1 allows an attacker to add arbitrary properties to JavaScript language constructs such as objects.
The product does not properly protect an assumed-immutable element from being modified by an attacker.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Dot-prop | Dot-prop_project | * | 4.2.1 (excluding) |
| Dot-prop | Dot-prop_project | 5.0.0 (including) | 5.1.1 (excluding) |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:12-8020020201007080935.4cda2c84 | * |
| Red Hat Enterprise Linux 8 | RedHat | nodejs:10-8030020210118191659.229f0a1c | * |
| Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | nodejs:12-8010020201006223055.c27ad7f8 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs12-nodejs-0:12.18.4-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | rh-nodejs10-nodejs-0:10.23.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs12-nodejs-0:12.18.4-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.6 EUS | RedHat | rh-nodejs10-nodejs-0:10.23.1-2.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs12-nodejs-0:12.18.4-3.el7 | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7.7 EUS | RedHat | rh-nodejs10-nodejs-0:10.23.1-2.el7 | * |
| Node-dot-prop | Ubuntu | bionic | * |
| Node-dot-prop | Ubuntu | eoan | * |
| Node-dot-prop | Ubuntu | trusty | * |
| Node-dot-prop | Ubuntu | upstream | * |