vulnerability

IBM WebSphere Application Server: CVE-2020-5258: Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258)

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Mar 10, 2020

Added

Jul 2, 2021

Modified

Jun 23, 2026

Description

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2

Solution

ibm-was-upgrade-latest

References

CVE-2020-5258
https://attackerkb.com/topics/CVE-2020-5258
IBM-ibm106443101
https://www.ibm.com/support/pages/node/6443101
https://www.cve.org/CVERecord?id=CVE-2020-5258
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-0349
CWE-94
CWE-1321
EUVD-EUVD-2020-0349

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report