CVE-2020-5258: 
MySQL vulnerability analysis and mitigation

In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. The vulnerability was discovered in early 2020 and assigned identifier CVE-2020-5258. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. This vulnerability affects dojo versions prior to 1.12.8, 1.13.0-1.13.6, 1.14.0-1.14.5, 1.15.0-1.15.2, and 1.16.0-1.16.1 (GitHub Advisory).

The vulnerability exists in the deepCopy method within dojo, which is vulnerable to Prototype Pollution. An attacker can manipulate attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. The vulnerability has been assigned a CVSS v3.1 base score of 7.2, indicating a high severity level (NVD).

A successful exploitation of this vulnerability could allow an attacker to manipulate the attributes of JavaScript objects, potentially leading to application-wide data corruption or code execution depending on the context (GitHub Advisory).

The vulnerability has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3, and 1.16.2. Users are strongly recommended to upgrade to these patched versions. The fix involves adding a check to prevent copying of the proto property during the deep copy operation (GitHub Advisory, GitHub Commit).