GHSA-297x-8xj4-vcxv

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-297x-8xj4-vcxv/GHSA-297x-8xj4-vcxv.json
Aliases
  • CVE-2020-8141
Published
2022-05-24T17:11:32Z
Modified
2022-06-23T06:55:22Z
Details

The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype.

References

Affected packages

npm / dot

dot

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
1.1.3

Affected versions

Database specific

{
    "last_known_affected_version_range": "<= 1.1.2"
}