How severe is CVE-2023-45827?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2023-45827?

This is classified as CWE-1321, which is a common weakness in software security.

CVE-2023-45827 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

Dot diver is a lightweight, powerful, and dependency-free TypeScript utility library that provides types and functions to work with object paths in dot notation. In versions prior to 1.0.2 there is a Prototype Pollution vulnerability in the `setByPath` function which can leads to remote code execution (RCE). This issue has been addressed in commit `98daf567` which has been included in release 1.0.2. Users are advised to upgrade. There are no known workarounds to this vulnerability.

Related Vulnerabilities

CVE-2019-0230

CRITICAL

CVSS:9.8(Critical)

Apache Struts 2.0.0 to 2.5.20 forced double OGNL evaluation, when evaluated on raw user input in tag attributes, may lead to remote code execution.

CWE-13212019

CVE-2019-14379

CRITICAL

CVSS:9.8(Critical)

SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leadi...

CWE-13212019

CVE-2019-19919

CRITICAL

CVSS:9.8(Critical)

Versions of handlebars prior to 4.3.0 are vulnerable to Prototype Pollution leading to Remote Code Execution. Templates may alter an Object's __proto__ and __defineGetter__ properties, which may allow...

CWE-13212019

CVE-2020-28269

CRITICAL

CVSS:9.8(Critical)

Prototype pollution vulnerability in 'field' versions 0.0.1 through 1.0.1 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020

CVE-2020-28270

CRITICAL

CVSS:9.8(Critical)

Prototype pollution vulnerability in 'object-hierarchy-access' versions 0.2.0 through 0.32.0 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020

CVE-2020-28271

CRITICAL

CVSS:9.8(Critical)

Prototype pollution vulnerability in 'deephas' versions 1.0.0 through 1.0.5 allows attacker to cause a denial of service and may lead to remote code execution.

CWE-13212020