PT-2021-16842 · Dotty · Dotty

Stramel

Published

2021-02-02

Updated

2023-08-08

CVE-2021-25912

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions dotty versions 0.0.1 through 0.1.0

Description The issue is a prototype pollution vulnerability that allows attackers to cause a denial of service and may lead to remote code execution.

Recommendations For dotty versions 0.0.1 through 0.1.0, update to version 0.1.1 or later to resolve the issue.

Exploit

Fix

Prototype Pollution

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-1321CWE-400

Related Identifiers

CVE-2021-25912

GHSA-F5C9-X9J6-87QP

Affected Products

Dotty

PT-2021-16842 · Dotty · Dotty

CVE-2021-25912

Weakness Enumeration

Related Identifiers

Affected Products

References · 9