Dotty ProjectCVEs & Vulnerabilities
2 CVEs affecting Dotty Project products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.
2 CVEs→ All vendors
Most Affected Products
dotty 2
CVE-2021-23624CRITICAL
This affects the package dotty before 0.1.2. A type confusion vulnerability can lead to a bypass of CVE-2021-25912 when the user-provided keys used in the path parameter are arrays.
3 Nov 2021
9.8
CVSS
CVE-2021-25912CRITICAL
Prototype pollution vulnerability in 'dotty' versions 0.0.1 through 0.1.0 allows attackers to cause a denial of service and may lead to remote code execution.
2 Feb 2021
9.8
CVSS
← PrevPage 1 / 1Next →