This page lists publicly disclosed CVE vulnerabilities affecting dot_project dot (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2020-7639 | eivindfjeldstad-dot below 1.0.3 is vulnerable to Prototype Pollution.The function 'set' could be tricked into adding or modifying properties of 'Object.prototype' using a '__proto__' payload. | [email protected] | 5.3 | 0.33% | 2020-04-06 | 2024-11-21 |
| CVE-2020-8141 | The dot package v1.1.2 uses Function() to compile templates. This can be exploited by the attacker if they can control the given template or if they can control the value set on Object.prototype. | [email protected] | 8.8 | 1.04% | 2020-03-15 | 2024-11-21 |