Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
History

Wed, 11 Sep 2024 18:30:00 +0000

Type Values Removed Values Added
First Time appeared Dset Project
Dset Project dset
CPEs cpe:2.3:a:dset_project:dset:*:*:*:*:*:node.js:*:*
Vendors & Products Dset Project
Dset Project dset
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 11 Sep 2024 11:15:00 +0000

Type Values Removed Values Added
Title dset: Prototype Pollution
References
Metrics threat_severity

None

threat_severity

Important


Wed, 11 Sep 2024 05:15:00 +0000

Type Values Removed Values Added
Description Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.
Weaknesses CWE-1321
References
Metrics cvssV3_1

{'score': 8.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P'}


cve-icon MITRE

Status: PUBLISHED

Assigner: snyk

Published: 2024-09-11T05:00:01.507Z

Updated: 2024-09-11T17:51:59.141Z

Reserved: 2023-12-22T12:33:20.122Z

Link: CVE-2024-21529

cve-icon Vulnrichment

Updated: 2024-09-11T17:51:53.455Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-09-11T05:15:02.547

Modified: 2024-09-11T16:26:11.920

Link: CVE-2024-21529

cve-icon Redhat

Severity : Important

Publid Date: 2024-09-11T05:15:02Z

Links: CVE-2024-21529 - Bugzilla