What the vulnerability does

01 Description

The dot package v1.1.2 uses Function() to compile templates. An attacker can exploit this if they control the template passed to the compiler, or if they can control a value set on Object.prototype.
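The pattern described above, as an added example that is not the dot package's own code: a toy compiler built on Function(), first reading its options through the prototype chain and then in a hardened form. The names compileUnsafe, compileHardened, toBody and demo, the `{{=expr}}` syntax and the `varname` option are assumptions made for illustration.

```javascript
'use strict';
// Added example: toy compiler, not the dot package's source.
const DEFAULTS = Object.freeze({ varname: 'it' }); // hypothetical option set
const IDENT = /^[A-Za-z_$][A-Za-z0-9_$]*$/;

// Turn "text {{=expr}}" into a function body. The expression is emitted as
// code, so the template itself must come from a trusted source.
function toBody(tmpl) {
  const quoted = JSON.stringify(tmpl);
  return 'return ' + quoted.replace(/\{\{=(.+?)\}\}/g, (_, e) => `" + (${e}) + "`) + ';';
}

// Weak pattern: plain property reads fall through to Object.prototype.
function compileUnsafe(tmpl, opts) {
  const o = opts || {};
  const varname = o.varname || DEFAULTS.varname;
  return new Function(varname, toBody(tmpl));
}

// Hardened: own properties only, on a null-prototype object, then validated.
function compileHardened(tmpl, opts) {
  const o = Object.assign(Object.create(null), DEFAULTS);
  if (opts && Object.prototype.hasOwnProperty.call(opts, 'varname')) {
    o.varname = opts.varname;
  }
  if (typeof o.varname !== 'string' || !IDENT.test(o.varname)) {
    throw new TypeError('varname must be a single identifier');
  }
  return new Function(o.varname, toBody(tmpl));
}

// Constructed scenario: some other code has set a value on Object.prototype.
function demo() {
  Object.prototype.varname = 'polluted'; // benign stand-in value
  try {
    const tmpl = 'Hi {{=it.name}}';
    let unsafeResult;
    try { unsafeResult = compileUnsafe(tmpl)({ name: 'a' }); }
    catch (e) { unsafeResult = e.name; } // `it` is no longer the parameter
    return { unsafeResult, safeResult: compileHardened(tmpl)({ name: 'a' }) };
  } finally {
    delete Object.prototype.varname;
  }
}
```

The hardened form only addresses the Object.prototype path; a template supplied by an untrusted party is still compiled as code, so templates must come from a trusted source.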

Key dates

02 Disclosure timeline

March 15, 2020 CVE published
August 4, 2024 Record updated