CVE-2024-21529

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-21529

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-21529.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-21529

Aliases

GHSA-f6v4-cf5j-vf3w

Published

2024-09-11T05:15:02Z

Modified

2024-10-08T04:00:10.347515Z

Summary

[none]

Details

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property proto, which is recursively assigned to all the objects in the program.

References

Affected packages

Git / github.com/lukeed/dset

Affected ranges

Type: GIT
Repo: https://github.com/lukeed/dset
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

16d6154e085bef01e99f01330e5a421a7f098afa

Affected versions

v1.*

v1.0.0

v1.0.1

v2.*

v2.0.0

v2.0.1

v2.1.0

v3.*

v3.0.0

v3.1.0

v3.1.1

v3.1.2

v3.1.3