CVE-2024-21529

Published: Sep 11, 2024

Modified: Sep 11, 2024

PUBLISHED

CVSS v3.1

8.2

HIGH

Description

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

Vendor	Product	Versions
n/a	dset	affected `0 - < 3.1.4`

Weaknesses (CWE)

CWE-1321

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L/E:P

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

Low

References

https://security.snyk.io/vuln/SNYK-JS-DSET-7116691

https://github.com/lukeed/dset/commit/16d6154e085bef01e99f01330e5a421a7f098afa

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-21529

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References