Show filters
2 Total Results
Displaying 1-2 of 2
Sort by:
Attacker Value
Unknown

CVE-2021-23624

Disclosure Date: November 03, 2021 (last updated February 23, 2025)
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0
Attacker Value
Unknown

CVE-2021-25912

Disclosure Date: February 02, 2021 (last updated February 22, 2025)
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
Attack Vector: NetworkPrivileges: NoneUser Interaction: None
0
0