CVE-2024-21529

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-21529
Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __proto__, which is recursively assigned to all the objects in the program.

8.2 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 4.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

References
Link Resource
https://github.com/lukeed/dset/commit/16d6154e085bef01e99f01330e5a421a7f098afa
https://security.snyk.io/vuln/SNYK-JS-DSET-7116691
Configurations

No configuration.

History

11 Sep 2024, 16:26

Type Values Removed Values Added
Summary
  • (es) Las versiones del paquete dset anteriores a la 3.1.4 son vulnerables a la contaminación de prototipos a través de la función dset debido a una desinfección incorrecta de la entrada del usuario. Esta vulnerabilidad permite al atacante inyectar una propiedad de objeto maliciosa mediante la propiedad de objeto incorporada __proto__, que se asigna de forma recursiva a todos los objetos del programa.

11 Sep 2024, 05:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-09-11 05:15

Updated : 2024-09-11 16:26

NVD link : CVE-2024-21529

Mitre link : CVE-2024-21529

CVE.ORG link : CVE-2024-21529

JSON object : View

Products Affected

No product.

CWE
CWE-1321

Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024