GHSA-f6v4-cf5j-vf3w

Source
https://github.com/advisories/GHSA-f6v4-cf5j-vf3w
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/09/GHSA-f6v4-cf5j-vf3w/GHSA-f6v4-cf5j-vf3w.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-f6v4-cf5j-vf3w
Aliases
Published
2024-09-11T06:30:39Z
Modified
2024-09-11T23:27:32.701649Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
  • 8.8 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N
Summary
dset Prototype Pollution vulnerability
Details

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject a malicious object property using the built-in Object property `__proto__`, which is recursively assigned to all the objects in the program.
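
The pattern behind this class of bug, as an added example that is not part of the advisory and is not dset's source code: a hypothetical naive deep setter (`naiveSet`) beside a hardened one (`safeSet`) that rejects `__proto__`, `constructor` and `prototype` path segments, plus a check (`isPolluted`) for whether `Object.prototype` was modified. All function names and the marker property are constructed for illustration.

```javascript
// Added example: hypothetical helpers, not dset's source code.
const BLOCKED = new Set(['__proto__', 'constructor', 'prototype']);

// Segments are coerced to strings: property access stringifies keys, so check that value.
function toSegments(path) {
  const parts = Array.isArray(path) ? path : String(path).split('.');
  return parts.map((p) => String(p));
}

// Naive deep setter: creates intermediate objects, performs no key checks.
function naiveSet(obj, path, value) {
  const keys = toSegments(path);
  let cur = obj;
  for (const k of keys.slice(0, -1)) {
    if (cur[k] === null || typeof cur[k] !== 'object') cur[k] = {};
    cur = cur[k]; // "__proto__" resolves to Object.prototype here
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// Hardened setter: rejects blocked segments and only descends into own properties.
function safeSet(obj, path, value) {
  const keys = toSegments(path);
  const bad = keys.find((k) => BLOCKED.has(k));
  if (bad !== undefined) throw new TypeError(`unsafe path segment: ${bad}`);
  let cur = obj;
  for (const k of keys.slice(0, -1)) {
    const own = Object.prototype.hasOwnProperty.call(cur, k);
    if (!own || cur[k] === null || typeof cur[k] !== 'object') cur[k] = {};
    cur = cur[k];
  }
  cur[keys[keys.length - 1]] = value;
  return obj;
}

// True if a fresh object inherits `marker`, i.e. Object.prototype was modified.
const isPolluted = (marker) => marker in {};

function demo() {
  const marker = 'pollutedExample'; // constructed marker name
  naiveSet({}, `__proto__.${marker}`, true);
  const naivePolluted = isPolluted(marker);
  delete Object.prototype[marker]; // undo the change made by naiveSet
  let rejected = false;
  try { safeSet({}, `__proto__.${marker}`, true); } catch (e) { rejected = e instanceof TypeError; }
  return { naivePolluted, rejected, pollutedAfterSafeSet: isPolluted(marker) };
}
```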

References

Affected packages

npm / dset

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.1.4