Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows an attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
History
Wed, 11 Sep 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Dset Project; Dset Project dset | |
CPEs | cpe:2.3:a:dset_project:dset:*:*:*:*:*:node.js:*:* | |
Vendors & Products | Dset Project; Dset Project dset | |
Metrics | ssvc | |
Wed, 11 Sep 2024 11:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Title | dset: Prototype Pollution | |
References | | |
Metrics | threat_severity | threat_severity |
Wed, 11 Sep 2024 05:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows an attacker to inject a malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program. | |
Weaknesses | CWE-1321 | |
References | | |
Metrics | cvssV3_1 | |
MITRE
Status: PUBLISHED
Assigner: snyk
Published: 2024-09-11T05:00:01.507Z
Updated: 2024-09-11T17:51:59.141Z
Reserved: 2023-12-22T12:33:20.122Z
Link: CVE-2024-21529
Vulnrichment
Updated: 2024-09-11T17:51:53.455Z
NVD
Status: Awaiting Analysis
Published: 2024-09-11T05:15:02.547
Modified: 2024-09-11T16:26:11.920
Link: CVE-2024-21529
Redhat