{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-02T08:28:38.480","vulnerabilities":[{"cve":{"id":"CVE-2020-5259","sourceIdentifier":"security-advisories@github.com","published":"2020-03-10T18:15:12.203","lastModified":"2024-11-21T05:33:47.097","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"In affected versions of dojox (NPM package), the jqMix method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2"},{"lang":"es","value":"En las versiones afectadas de dojox (paquete NPM), el método jqMix es vulnerable a una Contaminación de Prototipo. La Contaminación de Prototipo se refiere a la capacidad de inyectar propiedades en prototipos de construcciones de lenguaje JavaScript existentes, tales como objetos. Un atacante manipula estos atributos para sobrescribir o contaminar un prototipo de objeto de la aplicación JavaScript del objeto base mediante la inyección de otros valores. Esto ha sido parcheado en las versiones 1.11.10, 1.12.8, 1.13.7, 1.14.6, 1.15.3 y 1.16.2"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N","baseScore":7.7,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:N/I:P/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"NONE","integrityImpact":"PARTIAL","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-94"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-74"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","versionEndExcluding":"1.11.10","matchCriteriaId":"8FE926F0-90A5-4A7D-9C47-15B5D220D9AD"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.12.0","versionEndExcluding":"1.12.8","matchCriteriaId":"B998EEAA-ED31-4484-B7FE-D984B1ED0A07"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.13.0","versionEndExcluding":"1.13.7","matchCriteriaId":"0A7B41CB-57BF-418C-B449-FFDA07D13BAB"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.14.0","versionEndExcluding":"1.14.6","matchCriteriaId":"4273C6F4-9F0C-49D1-B18C-B333C767084A"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.15.0","versionEndExcluding":"1.15.3","matchCriteriaId":"4869AB30-553C-44D1-A946-AB51D440D2F4"},{"vulnerable":true,"criteria":"cpe:2.3:a:linuxfoundation:dojox:*:*:*:*:*:node.js:*:*","versionStartIncluding":"1.16.0","versionEndExcluding":"1.16.2","matchCriteriaId":"CCC82759-D49E-4D83-A4C1-7C59BE897A32"}]}]}],"references":[{"url":"https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw","source":"security-advisories@github.com","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html","source":"security-advisories@github.com"},{"url":"https://github.com/dojo/dojox/commit/47d1b302b5b23d94e875b77b9b9a8c4f5622c9da","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/dojo/dojox/security/advisories/GHSA-3hw5-q855-g6cw","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://lists.debian.org/debian-lts-announce/2020/03/msg00012.html","source":"af854a3a-2127-422b-91ae-364da2661108"}]}}]}