Vulnerabilities (CVE)

Filtered by vendor Dset Project Subscribe
Filtered by product Dset
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-25645 1 Dset Project 1 Dset 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
All versions of package dset are vulnerable to Prototype Pollution via 'dset/merge' mode, as the dset function checks for prototype pollution by validating if the top-level path contains __proto__, constructor or protorype. By crafting a malicious object, it is possible to bypass this check and achieve prototype pollution.
CVE-2020-28277 1 Dset Project 1 Dset 2024-11-21 7.5 HIGH 9.8 CRITICAL
Prototype pollution vulnerability in 'dset' versions 1.0.0 through 2.0.1 allows attacker to cause a denial of service and may lead to remote code execution.