Vulnerability Name: CVE-2020-5258 (CCN-177751) Assigned: 2020-03-10 Published: 2020-03-10 Updated: 2022-07-25 Summary: In affected versions of dojo (NPM package), the deepCopy method is vulnerable to Prototype Pollution. Prototype Pollution refers to the ability to inject properties into existing JavaScript language construct prototypes, such as objects. An attacker manipulates these attributes to overwrite, or pollute, a JavaScript application object prototype of the base object by injecting other values. This has been patched in versions 1.12.8, 1.13.7, 1.14.6, 1.15.3 and 1.16.2 CVSS v3 Severity: 7.7 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N 6.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): HighPrivileges Required (PR): LowUser Interaction (UI): RequiredScope: Scope (S): ChangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): HighAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): PartialAvailibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:C/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): CompleteAvailibility (A): None
Vulnerability Type: CWE-94 Vulnerability Consequences: Gain Access References: Source: MITRECVE-2020-5258 (CVE-2020-5258) - CVE-2020-5258 dojo: Prototype pollution in deepCopy method could result in code injection dojo-cve20205258-code-injection(177751) https://github.com/dojo/dojo/commit/20a00afb68f5587946dc76fbeaa68c39bda2171d Prototype pollution https://github.com/dojo/dojo/security/advisories/GHSA-jxfh-8wgv-vfr2 [qpid-users] 20210314 Re: Addressing CVE-2020-5258 in Qpid Broker-J [qpid-users] 20210318 Re: Addressing CVE-2020-5258 in Qpid Broker-J [qpid-users] 20210309 Addressing CVE-2020-5258 in Qpid Broker-J [SECURITY] [DLA 2139-1] dojo security update [debian-lts-announce] 20200311 [SECURITY] [DLA 2139-1] dojo security update IBM DataPower Gateway affected by multiple vulnerabilities in Dojo Vulnerabilities in Dojo affect IBM Spectrum Protect Operations Center (CVE-2020-5259, CVE-2020-5258) IBM Tivoli Netcool Impact is affected by IBM Dojo Toolkit vulnerabilities (CVE-2020-5258, CVE-2020-5259) IBM Content Navigator is vulnerable to a Prototype Pollution vulnerability Vulnerabilities in Dojo affect IBM Spectrum Protect Snapshot for VMware (CVE-2020-5259, CVE-2020-5258) Vulnerabilities in Dojo affect IBM Spectrum Protect for Virtual Environments (CVE-2020-5259, CVE-2020-5258) Multiple vulnerabilities in dojo may affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) Multiple vulnerabilities affect IBM Cloud Pak for Automation Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258) Financial Transaction Manager for Corporate Payment Services is affected by a potential code injection vulnerability (CVE-2020-5268) Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Digital Payments for RedHat OpenShift (CVE-2020-5258) Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for Interac e-Transfers for Red Hat OpenShift (CVE-2020-5258) Vulnerability in WebSphere Application Server Liberty affects IBM Financial Transaction Manager for RedHat OpenShift (CVE-2020-5258) Vulnerabilities in WebSphere Application Server affect IBM Cloud Orchestrator and IBM Cloud Orchestrator Enterprise Vulnerabilities in XStream, Java, OpenSSL, WebSphere Application Server Liberty and Node.js affect IBM Spectrum Control IBM Security Guardium is affected by multiple vulnerabilities Information disclosure vulnerability in WebSphere Application Server Liberty Embedded WebSphere Application Server is affected by vulnerability in Dojo, which affects Content Collector for Email A vulnerability in IBM WebSphere Liberty affects IBM WIoTP MessageGateway Security vulnerabilities have been identified in IBM WebSphere Application Server used by IBM InfoSphere Master Data Management IBM Cloud Transformation Advisor is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-5258) Security Bulletin: Rational Asset Analyzer is affected by a vulnerability in WebSphere Application Server Liberty (CVE-2020-5258) Multiple vulnerabilities in open source libraries affects Tivoli Netcool/OMNIbus WebGUI Multiple vulnerabilities affect IBM Tivoli Monitoring installed WebSphere Application Server Multiple Security vulnerabilities have been fixed in the IBM Security Verify Access Docker container Multiple Vulnerabilities in IBM WebSphere Application Server Liberty affect IBM LKS Administration and Reporting Tool and its Agent Dojo vulnerability in WebSphere Liberty affects Collaboration and Deployment Services (CVE-2020-5258) A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale. A vulnerability in IBM WebSphere Application Server Liberty affects IBM Elastic Storage System (CVE-2020-5258) Vulnerability in Dojo may affect Curam Social Program Management (CVE-2020-5258) Vulnerability in Dojo affects WebSphere Application Server (CVE-2020-5258) IBM Cloud Private is vulnerable to Dojo vulnerabilities (CVE-2020-5258) A vulnerability in IBM WebSphere Application Server affects IBM Spectrum Scale packaged in IBM Elastic Storage Server (CVE-2020-5258) Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for July 2022 Financial Transaction Manager for Digital Payments, High Value Payments and Corporate Payment Services are impacted by multiple vulnerabilities. EBICs client of IBM Sterling B2B Integrator vulnerable to multiple issues due to Dojo Toolkit Multiple vulnerabilities fixed in IBM Security Verify Governance - Identity Manager Virtual Appliance N/A Oracle Critical Patch Update Advisory - January 2022 https://www.oracle.com/security-alerts/cpujan2022.html Oracle Critical Patch Update Advisory - July 2020 https://www.oracle.com/security-alerts/cpujul2020.html Oracle Critical Patch Update Advisory - July 2021 Oracle Critical Patch Update Advisory - July 2022 N/A Oracle Critical Patch Update Advisory - October 2021 https://www.oracle.com/security-alerts/cpuoct2021.html Vulnerable Configuration: Configuration 1 :cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.13.0 and < 1.13.7)OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.14.0 and < 1.14.6) OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.15.0 and < 1.15.3) OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.16.0 and < 1.16.2) OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version < 1.11.10) OR cpe:/a:linuxfoundation:dojo:*:*:*:*:*:node.js:*:* (Version >= 1.12.0 and < 1.12.8) Configuration 2 :cpe:/o:debian:debian_linux:8.0:*:*:*:*:*:*:* Configuration 3 :cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:*:*:*:*:*:*:*:* (Version >= 17.7 and <= 17.12) OR cpe:/a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:* OR cpe:/a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 8.0.0 and <= 8.0.20) OR cpe:/a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:* OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.6.0 and <= 7.6.14) OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.5.0 and <= 7.5.18) OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.4.0 and <= 7.4.28) OR cpe:/a:oracle:mysql:*:*:*:*:*:*:*:* (Version >= 7.3.0 and <= 7.3.29) OR cpe:/a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:* OR cpe:/a:oracle:documaker:*:*:*:*:*:*:*:* (Version >= 12.6.0 and <= 12.6.4) OR cpe:/a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/a:linuxfoundation:dojo:1.11.10:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.12.0:-:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.12.7:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.13.6:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.14.0:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.14.5:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.15.0:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.15.2:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.16.0:*:*:*:*:node.js:*:* OR cpe:/a:linuxfoundation:dojo:1.16.1:*:*:*:*:node.js:*:* AND cpe:/a:ibm:websphere_application_server:7.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:business_process_manager:8.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_netcool/omnibus:8.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:9.0:*:*:*:*:*:*:* OR cpe:/a:ibm:infosphere_master_data_management:11.6:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:business_process_manager:8.6:*:*:*:*:*:*:* OR cpe:/a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.5:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:17.12:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.4:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.5:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.6:*:*:*:*:*:*:* OR cpe:/a:ibm:tivoli_monitoring:6.3.0.7:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.2.0:*:*:*:*:*:*:* OR cpe:/a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:5.0.0.0:*:*:*:*:*:*:* OR cpe:/a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.2.1:*:*:*:*:cps_services:*:* OR cpe:/a:ibm:datapower_gateway:2018.4.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:10.6:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:5.3.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.3:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_orchestrator:2.5.0.10:*:*:*:-:*:*:* OR cpe:/a:ibm:tivoli_netcool/impact:7.1.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:iot_messagesight:2.0:*:*:*:*:*:*:* OR cpe:/a:ibm:iot_messagesight:5.0.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:* OR cpe:/a:ibm:content_collector:4.0.1:*:*:*:email:*:*:* OR cpe:/a:ibm:tivoli_application_dependency_discovery_manager:7.3.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_snapshot:4.1.0.0:*:*:*:*:vmware:*:* OR cpe:/a:ibm:security_guardium:11.0:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2:*:*:*:*:*:*:* OR cpe:/a:ibm:spss_collaboration_and_deployment_services:8.2.1:*:*:*:*:*:*:* OR cpe:/a:ibm:elastic_storage_server:6.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:workload_automation:9.5:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_private:3.2.1:cd:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.0.000:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.0.000:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:8.1.9.000:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_protect_operations_center:7.1.10.000:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:18.0:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:19.0:*:*:*:*:*:*:* OR cpe:/a:ibm:rational_asset_analyzer:6.1.0.23:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.2.4:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_private:3.2.2:cd:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.4:*:standard:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.5:*:standard:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.6:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.3.7:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:security_guardium:11.2:*:*:*:*:*:*:* OR cpe:/a:ibm:business_automation_workflow:20.0.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:20.0.3:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_control:5.4.1:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:5.1.0:*:*:*:*:*:*:* OR cpe:/a:ibm:workload_scheduler:9.5:*:*:*:*:*:*:* OR cpe:/a:ibm:websphere_application_server:17.0.0.3:*:*:*:liberty:*:*:* OR cpe:/a:ibm:websphere_application_server:21.0.0.3:*:*:*:liberty:*:*:* OR cpe:/a:ibm:websphere_application_server:21.0.0.3:*:*:*:liberty:*:*:* OR cpe:/a:ibm:security_guardium:11.3:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:security_verify_access_docker:10.0.0:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:21.0.2:-:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:5.0.5.7:*:*:*:*:*:*:* OR cpe:/a:ibm:spectrum_scale:5.1.1.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.1:*:*:*:*:*:*:* OR cpe:/a:ibm:cloud_pak_for_automation:19.0.2:*:*:*:*:*:*:* OR cpe:/a:ibm:financial_transaction_manager:3.2.9:*:*:*:*:*:*:* OR cpe:/a:ibm:security_verify_governance:10.0:*:*:*:*:*:*:* OR cpe:/a:ibm:sterling_b2b_integrator:6.1.2.1:*:*:*:standard:*:*:* Oval Definitions BACK
linuxfoundation dojo *
linuxfoundation dojo *
linuxfoundation dojo *
linuxfoundation dojo *
linuxfoundation dojo *
linuxfoundation dojo *
debian debian linux 8.0
oracle webcenter sites 12.2.1.3.0
oracle primavera unifier 18.8
oracle primavera unifier *
oracle communications policy management 12.5.0
oracle weblogic server 12.2.1.4.0
oracle primavera unifier 19.12
oracle webcenter sites 12.2.1.4.0
oracle weblogic server 14.1.1.0.0
oracle mysql *
oracle primavera unifier 20.12
oracle mysql *
oracle mysql *
oracle mysql *
oracle mysql *
oracle communications pricing design center 12.0.0.3.0
oracle documaker *
oracle communications application session controller 3.9.0
linuxfoundation dojo 1.11.10
linuxfoundation dojo 1.12.0 -
linuxfoundation dojo 1.12.7
linuxfoundation dojo 1.13.6
linuxfoundation dojo 1.14.0
linuxfoundation dojo 1.14.5
linuxfoundation dojo 1.15.0
linuxfoundation dojo 1.15.2
linuxfoundation dojo 1.16.0
linuxfoundation dojo 1.16.1
ibm websphere application server 7.0
ibm websphere application server 8.0
ibm websphere application server 8.5
ibm business process manager 8.5
ibm tivoli netcool/omnibus 8.1.0
ibm websphere application server 9.0
ibm infosphere master data management 11.6
ibm financial transaction manager 3.0.2
ibm business process manager 8.6
oracle webcenter sites 12.2.1.3.0
ibm security guardium 10.5
oracle primavera unifier 17.12
ibm rational asset analyzer 6.1.0.0
ibm tivoli monitoring 6.3.0.2
ibm tivoli monitoring 6.3.0.3
ibm tivoli monitoring 6.3.0.4
ibm tivoli monitoring 6.3.0.5
ibm tivoli monitoring 6.3.0.6
ibm tivoli monitoring 6.3.0.7
ibm financial transaction manager 3.2.0
oracle primavera unifier 18.8
ibm spectrum scale 5.0.0.0
oracle application testing suite 13.3.0.1
ibm financial transaction manager 3.2.1
ibm datapower gateway 2018.4.1.0
ibm sterling b2b integrator 6.0.0.0
ibm security guardium 10.6
ibm elastic storage server 5.3.0
ibm spectrum control 5.3.1
ibm spectrum control 5.3.2
ibm spectrum control 5.3.3
ibm spectrum control 5.3.0.1
ibm cloud orchestrator 2.5.0.10
ibm tivoli netcool/impact 7.1.0.0
ibm iot messagesight 2.0
ibm iot messagesight 5.0.0.0
ibm cloud pak for automation 19.0.3
ibm websphere application server 17.0.0.3
ibm content collector 4.0.1
ibm tivoli application dependency discovery manager 7.3.0.0
ibm spectrum protect snapshot 4.1.0.0
ibm security guardium 11.0
ibm security guardium 11.1
ibm spss collaboration and deployment services 8.2
ibm spss collaboration and deployment services 8.2.1
ibm elastic storage server 6.0.0
ibm workload automation 9.5
ibm cloud private 3.2.1 cd
ibm spectrum protect operations center 7.1.0.000
ibm spectrum protect operations center 8.1.0.000
ibm spectrum protect operations center 8.1.9.000
ibm spectrum protect operations center 7.1.10.000
ibm cloud pak for automation 20.0.1
ibm business automation workflow 18.0
ibm business automation workflow 19.0
ibm rational asset analyzer 6.1.0.23
ibm financial transaction manager 3.2.4
ibm cloud private 3.2.2 cd
ibm spectrum control 5.3.4
ibm spectrum control 5.3.5
ibm spectrum control 5.3.6
ibm spectrum control 5.3.7
ibm cloud pak for automation 20.0.2
ibm security guardium 11.2
ibm business automation workflow 20.0.0.1
ibm cloud pak for automation 20.0.3
ibm spectrum control 5.4.1
ibm spectrum scale 5.1.0
ibm workload scheduler 9.5
ibm websphere application server 17.0.0.3
ibm websphere application server 21.0.0.3
ibm websphere application server 21.0.0.3
ibm security guardium 11.3
ibm cloud pak for automation 21.0.1
ibm security verify access docker 10.0.0
ibm cloud pak for automation 21.0.2 -
ibm spectrum scale 5.0.5.7
ibm spectrum scale 5.1.1.1
ibm cloud pak for automation 19.0.1
ibm cloud pak for automation 19.0.2
ibm financial transaction manager 3.2.9
ibm security verify governance 10.0
ibm sterling b2b integrator 6.1.2.1
Denotes that component is vulnerable