vulnerability
Ubuntu: USN-8041-1 (CVE-2023-26132): Dottie vulnerability
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | Jun 10, 2023 | Jun 26, 2025 | Feb 16, 2026 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Jun 10, 2023
Added
Jun 26, 2025
Modified
Feb 16, 2026
Description
Versions of the package dottie before 2.0.4 are vulnerable to Prototype Pollution due to insufficient checks, via the set() function and the current variable in the /dottie.js file.
Solution
ubuntu-pro-upgrade-node-dottie
References
- CVE-2023-26132
- https://attackerkb.com/topics/CVE-2023-26132
- CWE-1321
- UBUNTU-USN-8041-1
- URL-https://github.com/mickhansen/dottie.js/blob/b48e22714aae4489ea6276452f22cc61980ba5a4/dottie.js%23L107
- URL-https://security.snyk.io/vuln/SNYK-JS-DOTTIE-3332763
- URL-https://ubuntu.com/security/notices/USN-8041-1
- URL-https://www.cve.org/CVERecord?id=CVE-2023-26132
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.