216.73.217.80

CVE-2024-21529

· Published 11/09/2024 05:15 · Modified 11/09/2024 16:26

Labels: CVE-2024-21529 2024-09-11CVE-2024-21529CWE-1321[email protected]

Essential information

Published
11/09/2024 05:15
Modified
11/09/2024 16:26
Author
Creator
CVSS
8.2 HIGH (v3.1)
CISA KEV
No
CWE
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

CVSS metrics

Description

Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

NVD status

Status
Awaiting Analysis — CVE has been recently published to the CVE List and has been received by the NVD.
Source
[email protected]
NVD
View on NVD

References