{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-25T11:54:41.004","vulnerabilities":[{"cve":{"id":"CVE-2022-21189","sourceIdentifier":"report@snyk.io","published":"2022-05-01T16:15:08.137","lastModified":"2024-11-21T06:44:03.913","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"The package dexie before 3.2.2, from 4.0.0-alpha.1 and before 4.0.0-alpha.3 are vulnerable to Prototype Pollution in the Dexie.setByKeyPath(obj, keyPath, value) function which does not properly check the keys being set (like __proto__ or constructor). This can allow an attacker to add/modify properties of the Object.prototype leading to prototype pollution vulnerability. **Note:** This vulnerability can occur in multiple ways, for example when modifying a collection with untrusted user input."},{"lang":"es","value":"El paquete dexie versiones anteriores a 3.2.2, a partir de la versión 4.0.0-alpha.1 y anteriores a 4.0.0-alpha.3 son vulnerables a una Contaminación de Prototipos en la función Dexie.setByKeyPath(obj, keyPath, value) que no comprueba apropiadamente las claves que están estableciéndose (como __proto__ o constructor). Esto puede permitir a un atacante añadir/modificar propiedades del Object.prototype conllevando a una vulnerabilidad de contaminación del prototipo. **Nota:** Esta vulnerabilidad puede ocurrir de múltiples maneras, por ejemplo cuando es modificada una colección con una entrada de usuario no confiable"}],"metrics":{"cvssMetricV31":[{"source":"report@snyk.io","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L","baseScore":7.3,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":3.9,"impactScore":3.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-1321"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:dexie:dexie:*:*:*:*:*:node.js:*:*","versionEndExcluding":"3.2.2","matchCriteriaId":"477C397F-F518-4C26-8936-C69EC6205F2B"},{"vulnerable":true,"criteria":"cpe:2.3:a:dexie:dexie:4.0.0:alpha1:*:*:*:*:*:*","matchCriteriaId":"ED9CE1D6-7FE7-4527-9717-9C3AA87616D6"},{"vulnerable":true,"criteria":"cpe:2.3:a:dexie:dexie:4.0.0:alpha2:*:*:*:*:*:*","matchCriteriaId":"9597D1AD-CB91-4D92-BF2A-F9BD48B889CD"}]}]}],"references":[{"url":"https://github.com/dexie/Dexie.js/blob/fe682ef24568278c3b31d9d6c93de095d4b77ae8/src/functions/utils.ts%23L134-L164","source":"report@snyk.io","tags":["Broken Link"]},{"url":"https://github.com/dexie/Dexie.js/commit/1d655a69b9f28c3af6fae10cf5c61df387dc689b","source":"report@snyk.io","tags":["Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805308","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-DEXIE-2607042","source":"report@snyk.io","tags":["Exploit","Third Party Advisory"]},{"url":"https://github.com/dexie/Dexie.js/blob/fe682ef24568278c3b31d9d6c93de095d4b77ae8/src/functions/utils.ts%23L134-L164","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Broken Link"]},{"url":"https://github.com/dexie/Dexie.js/commit/1d655a69b9f28c3af6fae10cf5c61df387dc689b","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2805308","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]},{"url":"https://snyk.io/vuln/SNYK-JS-DEXIE-2607042","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Third Party Advisory"]}]}}]}