GHSA-ph28-wwfj-fv7f

Source
https://github.com/advisories/GHSA-ph28-wwfj-fv7f
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ph28-wwfj-fv7f/GHSA-ph28-wwfj-fv7f.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-ph28-wwfj-fv7f
Aliases
Published
2022-05-14T00:01:08Z
Modified
2026-03-13T22:11:14.314873Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Prototype Pollution in sds
Details

This affects the package sds from version 0.0.0. The library could be tricked into adding or modifying properties of Object.prototype by abusing the set function located in js/set.js. Note: This vulnerability derives from an incomplete fix to CVE-2020-7618.

Database specific
{
    "github_reviewed": true,
    "github_reviewed_at": "2022-05-25T22:53:54Z",
    "cwe_ids": [
        "CWE-1321"
    ],
    "severity": "HIGH",
    "nvd_published_at": "2022-05-13T20:15:00Z"
}
References

Affected packages

npm / sds

Package

Affected ranges

Type
SEMVER
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
4.4.0

Database specific

source
"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ph28-wwfj-fv7f/GHSA-ph28-wwfj-fv7f.json"